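Author: 李晓辉

Contact:

1. WeChat: Lxh_Chat

2. Email: 939958092@qq.com

Understanding the Classroom Environment

The main classroom network is 172.25.250.0/24, which serves as the external public network for the RHOSP installation. The student workstation system sits on this network and is configured with a browser and the command-line tools for using the RHOSP client utilities.

Confirm the network configuration on the router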

[root@bastion ~]# ip a | grep "172.25"
inet 172.25.250.254/24 brd 172.25.250.255 scope global noprefixroute eth0
inet 172.25.252.250/24 brd 172.25.252.255 scope global noprefixroute eth1

On director, interface eth0 is attached to the external network. The br-ctlplane bridge encapsulates interface eth1, which is attached to the provisioning network.

[root@director ~]# ip a | grep "172.25"
inet 172.25.250.200/24 brd 172.25.250.255 scope global noprefixroute eth0
inet 172.25.249.200/24 brd 172.25.249.255 scope global br-ctlplane
inet 172.25.249.202/32 scope global br-ctlplane
inet 172.25.249.201/32 scope global br-ctlplane

[root@director ~]# ovs-vsctl list-br
br-ctlplane
br-int
[root@director ~]# ovs-vsctl list-ifaces br-ctlplane
eth1
phy-br-ctlplane

The undercloud and overcloud nodes share many internal management networks, such as the tenant network, the internal API network, and the provisioning network.

[root@controller0 ~]# ip route
default via 172.25.250.254 dev br-ex
169.254.169.254 via 172.25.249.200 dev eth0
172.23.0.0/16 dev o-hm0 proto kernel scope link src 172.23.3.42
172.24.1.0/24 dev vlan10 proto kernel scope link src 172.24.1.1
172.24.2.0/24 dev vlan20 proto kernel scope link src 172.24.2.1
172.24.3.0/24 dev vlan30 proto kernel scope link src 172.24.3.1
172.24.4.0/24 dev vlan40 proto kernel scope link src 172.24.4.1
172.24.5.0/24 dev vlan50 proto kernel scope link src 172.24.5.1
172.25.249.0/24 dev eth0 proto kernel scope link src 172.25.249.56
172.25.250.0/24 dev br-ex proto kernel scope link src 172.25.250.1

(undercloud) [stack@director ~]$ ip route
default via 172.25.250.254 dev eth0 proto static metric 100
172.25.249.0/24 dev br-ctlplane proto kernel scope link src 172.25.249.200
172.25.250.0/24 dev eth0 proto kernel scope link src 172.25.250.200 metric 100

classroom server

During the course, classroom uses an HTTP file server to provide the materials for specific exercises. classroom also runs the NTP service for the environment.

[root@classroom ~]# grep ^allow /etc/chrony.conf
allow 172.25/16

(undercloud) [stack@director ~]$ chronyc tracking
Reference ID : AC19FEFE (classroom.example.com)
Stratum : 9
Ref time (UTC) : Sun Dec 31 16:42:02 2023
System time : 0.000002085 seconds slow of NTP time

[root@classroom ~]# ls /var/www/html/
content index.html materials
[root@classroom ~]# ls /var/www/html/content/
boot courses ks manifests rhel7.0 rhel8.2 rhosp16.1 rhtops slides ucf
[root@classroom ~]# ls /var/www/html/materials/
00-node-info.yaml-clean developer1-finance-rc instackenv-onenode.json osp-db.qcow2 rhel-updates.repo
00-node-info.yaml-setup docs iptables-compute osp-small.qcow2 rmq_trace.py
aide.conf exports-controller0 iptables-controller0 osp-web.qcow2 scapy-2.3.2-1.noarch.rpm
ansible exports-controller0-clean keypairs overcloud-heat-templates server_new.py
ansible-app-resolved fstab-compute livemig.pp passwd-controller0 squid-config
backup-and-restore fstab-setup motd.custom pcs_resource_status squid-iptables-rules
ceph.repo group-controller0 motd-script.sh qemu.conf-clean storage-swiftrings
cinder-rbd-params.txt heat nfs-controller0 qemu.conf-setup templates.tgz
cl210_consumer hosts nfs-controller0-clean rhel-8.2-x86_64-kvm.qcow2
cl210_producer index-cr.html openstack.repo rhel-dvd-director.repo
classroom-plan.tar.gz instackenv-compreview.json oscli-setup.sh rhel-dvd.repo

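DNS zones

The classroom system includes a BIND DNS server that holds resolvable addresses for the systems in the initial course installation. The entries include the underlying classroom hypervisor as well as the workstation and classroom systems.

In the classroom environment, the address range 172.25.250.101 through .189 is reserved for floating IP addresses; avoid using these addresses where possible.

The local /etc/hosts file is also used in this course.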

[root@classroom ~]# cd /var/named/
[root@classroom named]# ls
172.25.zone data example.com.zone named.ca named.localhost slaves
172.25.zone-backup dynamic example.com.zone-backup named.empty named.loopback

[root@workstation ~]# cat /etc/hosts | more
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.254.254 classroom.example.com classroom
172.25.254.254 content.example.com content
172.25.254.254 materials.example.com materials
150.238.199.40 satellite-dle.ole.redhat.com satellite-dle
### rht-vm-hosts file listing the entries to be appended to /etc/hosts

#172.25.250.100 power.lab.example.com power
172.25.250.200 director.lab.example.com director
172.25.250.220 utility.lab.example.com utility
172.25.250.9 workstation.lab.example.com workstation
172.25.250.254 bastion.lab.example.com bastion
# NOTE: The following uses a 249 subnet
172.25.249.201 director-ui.lab.example.com director-ui
172.25.249.201 undercloud.example.com undercloud

172.25.250.1 controller0.overcloud.example.com controller0
172.25.250.50 keystone.overcloud.example.com keystone
172.25.250.50 overcloud.example.com overcloud
172.25.250.50 dashboard.overcloud.example.com dashboard
172.25.250.2 compute0.overcloud.example.com compute0
172.25.250.3 ceph0.overcloud.example.com ceph0
172.25.250.12 compute1.overcloud.example.com compute1
172.25.250.6 computehci0.overcloud.example.com computehci0

172.25.250.101 float101.instance.example.com float101

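IdM server

In this course, the Red Hat IdM server is preconfigured with the required users and groups, and it runs on the utility system. Valid Kerberos credentials are required to query the IdM server. The svc-ldap account is the integration user, which the RHOSP Identity service uses to look up other IdM user accounts.

This password is RedHat123^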

[root@utility ~]# kinit admin
Password for admin@LAB.EXAMPLE.NET:
[root@utility ~]# ipa user-find | grep User
User login: admin
User login: architect1
User login: svc-ldap
...

[root@utility ~]# ipa group-find | grep Group
Group name: admin-admins
Group name: admins
Group name: consulting-admins
...

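The utility server also serves a special networking purpose. In later chapters, you will create provider networks with unique VLAN IDs, so the utility server is configured to emulate a switch, with four virtual NICs representing VLAN IDs 101 through 104.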

[root@utility ~]# ip -br a | grep eth1
eth1 UP
eth1.102@eth1 UP 10.0.102.1/24 fe80::5054:ff:fe03:dc/64
eth1.104@eth1 UP 10.0.104.1/24 fe80::5054:ff:fe03:dc/64
eth1.101@eth1 UP 10.0.101.1/24 fe80::5054:ff:fe03:dc/64
eth1.103@eth1 UP 10.0.103.1/24 fe80::5054:ff:fe03:dc/64

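Power management

On the power system provided by the course, a preconfigured CLI interface acts as a virtual baseboard management controller (BMC) and uses IPMI to manage each RHOSP virtual machine, similar to how real bare-metal machines are managed. Each virtual machine has its own separate BMC configuration, listening on port 623 at a different address. An IPMI command sent to a given IP address is directed to the power system, which asks the underlying hypervisor to change the power state of the VM represented by that IP address.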

[root@power ~]$ netstat -uln | grep 623
udp 0 0 172.25.249.103:623 0.0.0.0:*
udp 0 0 172.25.249.101:623 0.0.0.0:*
udp 0 0 172.25.249.102:623 0.0.0.0:*
udp 0 0 172.25.249.112:623 0.0.0.0:*
udp 0 0 172.25.249.106:623 0.0.0.0:*

[student@power ~]$ cat /etc/bmc/vms
# List the VMs that the fake ipmi will manage. Include in the list one
# VM name per line along with the proxy IP the IPMI client (ipmitool)
# will use to manage it.
#
# EXAMPLE: VM_NAME,IP_ADDRESS
controller,172.25.249.101
compute0,172.25.249.102
ceph0,172.25.249.103
compute1,172.25.249.112
computehci0,172.25.249.106
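
An added example, not part of the original page or the course materials: a shell function that cross-checks the /etc/bmc/vms inventory against the UDP 623 listeners, so that a BMC address with no listener, a listener with no inventory entry, or a listener bound to all addresses stands out. The function name audit_bmc and the finding labels are assumptions made for this illustration; the sample data is the two outputs shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): compare the fake-BMC inventory
# with the UDP/623 listeners. Sample data is the output shown on this page.
VMS_SAMPLE='# EXAMPLE: VM_NAME,IP_ADDRESS
controller,172.25.249.101
compute0,172.25.249.102
ceph0,172.25.249.103
compute1,172.25.249.112
computehci0,172.25.249.106'
NETSTAT_SAMPLE='udp 0 0 172.25.249.103:623 0.0.0.0:*
udp 0 0 172.25.249.101:623 0.0.0.0:*
udp 0 0 172.25.249.102:623 0.0.0.0:*
udp 0 0 172.25.249.112:623 0.0.0.0:*
udp 0 0 172.25.249.106:623 0.0.0.0:*'

# audit_bmc INVENTORY_TEXT NETSTAT_TEXT  (hypothetical helper name)
# Prints OK / MISSING / UNLISTED / WILDCARD findings; returns 1 on any drift.
audit_bmc() {
  { printf '%s\n' "$2"; echo '--inventory--'; printf '%s\n' "$1"; } | awk '
    $0 == "--inventory--" { inv = 1; next }
    !inv {                                  # netstat -uln rows
      if ($1 !~ /^udp/) next                # skip headers and other protocols
      n = split($4, part, ":")
      if (part[n] != "623") next            # only the IPMI port
      addr = substr($4, 1, length($4) - 4)  # strip ":623"
      if (addr == "0.0.0.0" || addr == "::") {
        print "WILDCARD " $4; bad = 1       # not bound to one per-VM address
      } else listen[addr] = 1
      next
    }
    { gsub(/[ \t\r]/, "") }                 # inventory: drop stray whitespace
    /^#/ || $0 == "" { next }               # comments and blank lines
    {
      split($0, kv, ",")                    # VM_NAME,IP_ADDRESS
      if (kv[2] in listen) { print "OK " kv[1] " " kv[2]; seen[kv[2]] = 1 }
      else { print "MISSING " kv[1] " " kv[2]; bad = 1 }
    }
    END {
      for (ip in listen) if (!(ip in seen)) { print "UNLISTED " ip; bad = 1 }
      exit bad + 0
    }'
}

audit_bmc "$VMS_SAMPLE" "$NETSTAT_SAMPLE"
```

On the power system the same function can be fed live data: audit_bmc "$(cat /etc/bmc/vms)" "$(netstat -uln)".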