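Overview
apt uses a local repository; pip uses a local repository
Network environment
Physical host environment
Network name | Network address | VLAN |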
br-ex | 192.168.200.250/24 | 90 |
br-mgmt | 92.0.0.100/24 | 92 |
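Ansible control host configuration
Host type | Operating system | Configuration | Role |
KVM virtual machine | Ubuntu 16.04 LTS server | Memory: 2GB Disk: 30GB NICs: ens3(br-ex) ens4(br-mgmt) | deploy |
Network name | Network address | VLAN |
Management network | 172.29.236.0/22 | 10 |
Internal network | 172.29.248.0/22 | 10 |
External network | 192.168.200.0/24 | - |
- Network configuration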
# vim /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address 192.168.200.10
netmask 255.255.255.0
gateway 192.168.200.1
dns-nameserver 114.114.114.114
auto ens4
iface ens4 inet manual
auto ens4.10
iface ens4.10 inet manual
vlan-raw-device ens4
auto br-mgmt
iface br-mgmt inet static
address 172.29.236.10
netmask 255.255.252.0
bridge_ports ens4.10
auto br-vlan
iface br-vlan inet static
address 172.29.248.10
netmask 255.255.252.0
bridge_ports ens4
- Configure the Aliyun mirror
# vim sources.list
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
# apt-get install aptitude build-essential git ntp ntpdate openssh-server python python-dev sudo debootstrap bridge-utils vlan lxc
# reboot
- Install openstack-ansible
# git clone -b 14.1.0 https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible
# cd /opt/openstack-ansible
### Edit the script and set export ANSIBLE_PACKAGE="ansible==2.1.4"
# vim scripts/bootstrap-ansible.sh
# scripts/bootstrap-ansible.sh
# ssh-keygen -t rsa
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
# chmod 600 /root/.ssh/authorized_keys
- Set up the configuration files
# cp -r /opt/openstack-ansible/etc/openstack_deploy/ /etc/
### Generate the OpenStack service configuration file
# cp /etc/openstack_deploy/openstack_user_config.yml.test.example /etc/openstack_deploy/openstack_user_config.yml
# sed -i -e "s/host_bind_override: \"eth12\"/host_bind_override: \"ens3\"/g" /etc/openstack_deploy/openstack_user_config.yml
# sed -i -e "s/external_lb_vip_address:.*/external_lb_vip_address: 192\.168\.200\.11/g" /etc/openstack_deploy/openstack_user_config.yml
### User-defined configuration file
# vim /etc/openstack_deploy/user_variables.yml
openstack_service_publicuri_proto: http
### Install the rabbitmq-server package with apt
rabbitmq_install_method: "distro"
### Install the Percona and Qpress packages with apt
use_percona_upstream: true
galera_server_percona_distro_packages:
  - qpress
  - percona-xtrabackup-22
### Automatically generate the password configuration file
# python /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
- Building the git cache
### User-defined configuration file
# vim /etc/openstack_deploy/user_variables.yml
repo_build_git_cache: /opt/git/openstack/
### For the scripts, see Troubleshooting: "git cache scripts"
### Clone the code
# mkdir -p /opt/git/openstack
# python gitclone.py
### Switch branches
# python gitcheckout.py
### Disable update in the git module of the task "- name: Clone git repositories asynchronously"
# vim /etc/ansible/roles/repo_build/tasks/repo_clone_git.yml
update: no
- Building the LXC container template
### Download the container template
# apt install lxc
# /usr/bin/lxc-create --name LXC_NAME --template download --bdev dir -- --dist ubuntu --release xenial --arch amd64 --force-cache --server images.linuxcontainers.org --keyserver hkp://keyserver.ubuntu.com:80
### Add the following between the "- name: Stat the prepared LXC cache" and "- include: lxc_cache.yml" tasks
# vim /etc/ansible/roles/lxc_hosts/tasks/main.yml
- name: Synchronise the contents of the LXC cache to the LXC host
  synchronize:
    src: "{{ lxc_container_cache_path }}/"
    dest: "{{ lxc_container_cache_path }}"
  when:
    - "{{ not lxc_cache_stat.stat.exists
          or (lxc_cache_stat.stat.exists
          and lxc_cache_stat.stat.mtime > lxc_cache_timeout) }}"
  tags:
    - always
- Building the local repository
Install the repo service on the Ansible host
# vim /opt/openstack-ansible/playbooks/inventory/env.d/pkg_repo.yml
component_skel:
  pkg_repo:
    belongs_to:
      - repo_all
container_skel:
  repo_container:
    belongs_to:
      - repo-infra_containers
    contains:
      - pkg_repo
    properties:
      service_name: repo
      is_metal: true
# vim /etc/openstack_deploy/openstack_user_config.yml
repo-infra_hosts:
  repo:
    ip: 172.29.236.10
Build the local repository on the Ansible control host
# vim /etc/openstack_deploy/user_variables.yml
repo_pkg_cache_enabled: false
# cd /opt/openstack-ansible/playbooks/
# openstack-ansible repo-install.yml
Modify the repository-related configuration files
### Comment out - include: repo-install.yml
# vim /opt/openstack-ansible/playbooks/setup-infrastructure.yml
### Set the repository addresses
# vim /etc/openstack_deploy/user_variables.yml
pip_get_pip_options: "--index-url http://172.29.248.10:{{ repo_server_port }}/pools --trusted-host 172.29.248.10"
pip_install_options: "--no-index --find-links http://172.29.248.10:{{ repo_server_port }}/links --trusted-host 172.29.248.10"
openstack_repo_url: "http://172.29.248.10:{{ repo_server_port }}"
openstack_repo_git_url: "git://172.29.248.10"
### Remove the repository check from galera_client
# sed -i -e "/when: add_repo | changed/d" /etc/ansible/roles/galera_client/tasks/galera_client_install_apt.yml
- Building an APT mirror for selected packages
Find the extra apt sources that openstack-ansible needs to add
# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs grep -i ".*repo: \"deb "
### The apt sources finally identified as needed
# vim /etc/apt/sources.list
deb http://download.ceph.com/debian-hammer/ xenial main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main
deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main
deb http://repo.percona.com/apt xenial main ### Dropped; download the debs manually
Find the deb packages that openstack-ansible needs to install
# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs -i awk '/.*_distro_packages:$/ {while(getline){ if($1 == "-") {print $0} else {break} }}' {} | sort -u -o dists.txt
# sed -i -e 's/#.*$//g' dists.txt
# sed -i -e 's/^[ -]*//g' dists.txt
# sed -i -e 's/"{{ galera_mariadb_apt_server_package }}"/mariadb-galera-server/g' dists.txt
# sed -i -e 's/{{ ansible_kernel }}/4\.4\.0-72-generic/g' dists.txt
# awk '{print $1,$2}' dists.txt | sort -u | grep -v nginx-extra | grep -v pvm-novalink > packages.txt
In a clean container running the matching Ubuntu server 16.04 LTS release, install the packages listed in debs.txt and archive the package cache
# apt install ubuntu-cloud-keyring
### Add the following APT sources and APT keys
# vim /etc/apt/sources.list
deb http://download.ceph.com/debian-hammer/ xenial main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main
deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main
deb http://repo.percona.com/apt xenial main
### galera_client_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8
### ceph_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv e84ac2c0460f3994
### galera_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9334a25f8507efa5
# apt update
### Method 1 (deprecated)
# cat packages.txt | xargs -i apt install -y {}
# cd /var/cache/apt/
# tar -acf dists.tar.gz archives
### Method 2
# mkdir archives
# cd archives
# apt install apt-rdepends
# cat packages.txt | xargs apt-rdepends | grep -v ^\ | xargs apt download
# cd ..
# tar -acf dists.tar.gz archives
Copy the archive to the Ansible control host and extract it into the APT mirror directory
# mkdir -p /var/www/ubuntu-repo/
# tar -zxf dists.tar.gz
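# find archives/ -name "*.deb" | xargs -i cp {} /var/www/ubuntu-repo/
### Some packages do not leave a cached deb after apt install and must be downloaded manually (see Troubleshooting: "Missing deb packages in the local APT mirror")
Configure nginx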
# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/default default
server {
listen 80;
server_name ubuntu-repo;
access_log /var/log/nginx/openstack-repo.access.log;
error_log /var/log/nginx/openstack-repo.error.log;
location / {
root /var/www/ubuntu-repo/;
autoindex on;
expires 5h;
}
}
# systemctl restart nginx
Create the GPG key
### Generate entropy
# apt install rng-tools
# rngd -r /dev/urandom
### Create the key
# gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: nocsys
Email address:
Comment:
You selected this USER-ID:
"nocsys"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
....+++++
.+++++
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 48763DD3 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024R/48763DD3 2017-04-14
Key fingerprint = C12C C3A9 6A9D ABDE FC01 CDA9 857F D33B 4876 3DD3
uid nocsys
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
Export the key file
# cd /var/www/ubuntu-repo
# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/D4CB6DF1 2017-04-14
uid nocsys
# gpg --output keyFile --armor --export D4CB6DF1
Generate the Packages.gz, Release, InRelease and Release.gpg files
### To add new deb packages later, place them in /var/www/ubuntu-repo and re-run the commands below
# cd /var/www/ubuntu-repo
### Generate the index files
# apt-ftparchive packages . > Packages
# gzip -c Packages > Packages.gz
# apt-ftparchive release . > Release
### Enter the GPG key passphrase set earlier
# gpg --clearsign -o InRelease Release
# gpg -abs -o Release.gpg Release
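An added example (not part of the original page): a POSIX shell check that the hash chain of this flat repository is intact, that is, Release still matches Packages and Packages still matches every .deb, which is what goes stale when a deb is added without re-running the commands above. The function names, the CHECK_SIG switch and the constructed sample repository are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. Checks a flat apt repository
# (<repo>/Release, <repo>/Packages, <repo>/*.deb) and prints one line per problem.

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }
size_of()   { wc -c < "$1" | tr -d ' '; }

# Link 1: files listed under "SHA256:" in Release must match what is on disk.
release_problems() {
    awk '/^SHA256:/ {on = 1; next} /^[^ ]/ {on = 0} on {print $1, $2, $3}' "$1/Release" |
    while read -r sum size name; do
        [ "$name" = "Release" ] && continue   # Release cannot carry its own hash
        if [ ! -f "$1/$name" ]; then echo "MISSING-INDEX $name"; continue; fi
        if [ "$(sha256_of "$1/$name")" != "$sum" ] || [ "$(size_of "$1/$name")" != "$size" ]; then
            echo "RELEASE-MISMATCH $name"
        fi
    done
}

# Link 2: every stanza in Packages must point at an existing .deb with the same SHA256.
packages_problems() {
    awk 'function emit() {
             if (f != "") { if (s == "") s = "-"; print s, f }
             f = ""; s = ""
         }
         /^Filename: / {f = $2} /^SHA256: / {s = $2} /^$/ {emit()} END {emit()}' "$1/Packages" |
    while read -r sum name; do
        name=${name#./}
        if [ ! -f "$1/$name" ]; then echo "MISSING-DEB $name"; continue; fi
        [ "$(sha256_of "$1/$name")" = "$sum" ] || echo "DEB-MISMATCH $name"
    done
}

# A .deb copied into the directory after indexing is invisible to apt clients.
unindexed_debs() {
    for f in "$1"/*.deb; do
        [ -e "$f" ] || continue
        b=${f##*/}
        awk -v b="$b" '/^Filename: / {n = $2; sub(/^\.\//, "", n); if (n == b) hit = 1}
                       END {exit !hit}' "$1/Packages" || echo "UNINDEXED $b"
    done
}

# Returns 0 when the repository is consistent, 1 (and a problem list) otherwise.
# CHECK_SIG=1 additionally verifies Release.gpg with the local gpg keyring.
verify_flat_repo() {
    problems=$(
        if [ "${CHECK_SIG:-0}" = 1 ]; then
            gpg --verify "$1/Release.gpg" "$1/Release" >/dev/null 2>&1 ||
                echo "BAD-SIGNATURE Release.gpg"
        fi
        release_problems "$1"; packages_problems "$1"; unindexed_debs "$1"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample repository: text files stand in for real .deb packages.
make_sample_repo() {
    printf 'constructed package A\n' > "$1/a_1.0_all.deb"
    printf 'constructed package B\n' > "$1/b_2.0_amd64.deb"
    : > "$1/Packages"
    for f in "$1"/*.deb; do
        b=${f##*/}
        printf 'Package: %s\nFilename: ./%s\nSize: %s\nSHA256: %s\n\n' \
            "${b%%_*}" "$b" "$(size_of "$f")" "$(sha256_of "$f")" >> "$1/Packages"
    done
    printf 'Date: constructed\nSHA256:\n %s %s Packages\n' \
        "$(sha256_of "$1/Packages")" "$(size_of "$1/Packages")" > "$1/Release"
}

# Usage: sh verify_repo.sh /var/www/ubuntu-repo
if [ "$#" -ge 1 ]; then verify_flat_repo "$1"; fi
```

Run it after every re-index and before the control host goes offline; a non-zero exit means clients would either miss a package or reject one on a hash mismatch.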
- Change the haproxy forwarding mode
### User-defined configuration file
# vim /etc/openstack_deploy/user_variables.yml
haproxy_ssl: false
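### Change all haproxy forwarding from http to tcp; see Troubleshooting: "haproxy tcp forwarding configuration"
- Building the package cache
HATop package cache
### User-defined configuration file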
# vim /etc/openstack_deploy/user_variables.yml
haproxy_hatop_download_url: "http://172.29.248.10:{{ repo_server_port }}/extra/hatop-0.7.7.tar.gz"
Download HATop
# mkdir -p /var/www/repo/extra
# cd /var/www/repo/extra
# wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz
- Horizon settings
Enable https for Horizon
### User-defined configuration file
# vim /etc/openstack_deploy/user_variables.yml
horizon_external_ssl: false
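Building the managed host template
Host type | Operating system | Configuration | Host name |
KVM virtual machine | Ubuntu 16.04 LTS server | Memory: 4GB Disk: 80GB NIC: ens3(br-mgmt) | ubuntu |
Network name | Network address | VLAN |
Management network | 172.29.236.0/22 | 10 |
Internal network | 172.29.248.0/22 | 10 |
- Network configuration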
# vim /etc/network/interfaces
auto ens3
iface ens3 inet static
address 172.29.248.254
netmask 255.255.252.0
# reboot
- Set up passwordless SSH login
# scp root@172.29.248.10:/root/.ssh/id_rsa.pub ./
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys
Configure the package source
# wget http://172.29.248.10/keyFile
# apt-key add keyFile
# vim /etc/apt/sources.list
deb http://172.29.248.10/ ./
# apt-get install vlan bridge-utils python
- Reconfigure the network
# vim /etc/network/interfaces
auto ens3
iface ens3 inet manual
auto ens3.10
iface ens3.10 inet manual
vlan-raw-device ens3
auto ens3.20
iface ens3.20 inet manual
vlan-raw-device ens3
auto ens3.30
iface ens3.30 inet manual
vlan-raw-device ens3
auto br-mgmt
iface br-mgmt inet static
address 172.29.236.254
netmask 255.255.252.0
bridge_ports ens3.10
auto br-storage
iface br-storage inet static
address 172.29.244.254
netmask 255.255.252.0
bridge_ports ens3.20
auto br-vxlan
iface br-vxlan inet static
address 172.29.240.254
netmask 255.255.252.0
bridge_ports ens3.30
auto br-vlan
iface br-vlan inet static
address 172.29.248.254
netmask 255.255.252.0
bridge_ports ens3
# reboot
- Back up the virtual machine
### Copy the current virtual machine's qcow2 file
# halt
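Ansible managed node environment
Host type | Operating system | Configuration | Host name |
KVM virtual machine | Ubuntu 16.04 LTS server | Memory: 4GB Disk: 30GB NIC: ens3(br-mgmt) | infra1 |
KVM virtual machine | Ubuntu 16.04 LTS server | Memory: 4GB Disk: 30GB NIC: ens3(br-mgmt) | compute1 |
KVM virtual machine | Ubuntu 16.04 LTS server | Memory: 2GB Disk: 30GB NIC: ens3(br-mgmt) | storage1 |
sched node configuration
Network name | Network address | VLAN |
Management network | 172.29.236.0/22 | 10 |
Storage network | 172.29.244.0/22 | 20 |
Tunnel network (VXLAN) | 172.29.240.0/22 | 30 |
Internal network | 172.29.248.0/22 | - |
External network | 192.168.200.0/22 | - |
### Create the virtual machine from the managed host template and change 172.29.*.254 => 172.29.*.11
nova node configuration
Network name | Network address | VLAN |
Management network | 172.29.236.0/22 | 10 |
Storage network | 172.29.244.0/22 | 20 |
Tunnel network (VXLAN) | 172.29.240.0/22 | 30 |
Internal network | 172.29.248.0/22 | - |
### Create the virtual machine from the managed host template and change 172.29.*.254 => 172.29.*.11
storage node configuration
Network name | Network address | VLAN |
Management network | 172.29.236.0/22 | 10 |
Storage network | 172.29.244.0/22 | 20 |
Tunnel network (VXLAN) | 172.29.240.0/22 | 30 |
Internal network | 172.29.248.0/22 | - |
### Create the virtual machine from the managed host template and change 172.29.*.254 => 172.29.*.11
Run openstack-ansible
Find the tasks in which openstack-ansible adds extra package sources
### With file names
# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u
### Without file names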
# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -h -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u
- bird-repos
- ceph-apt-keys
- ceph-repos
- etcd-apt-keys
- etcd-repos
- galera-apt-keys
- galera-client-apt-keys
- galera-client-repos
- galera-repos
- haproxy-apt-keys
- haproxy-repos
- keepalived-apt-keys
- lxc-cache-apt-keys ### Left out of the skip list; cannot be skipped
- novalink-apt-keys
- percona-repos
- rabbitmq-apt-keys
- rabbitmq-repos
- repo-clone-repos
- add-repo-keys ### Added
- add-uca-repo ### Added
Run the installation
### Connect to the Ansible control host over VNC and disconnect the network
# ifdown ens3
# openstack-ansible setup-hosts.yml --skip-tags "add-repo-keys,add-uca-repo"
# openstack-ansible setup-infrastructure.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"
# openstack-ansible setup-openstack.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"
Verify the installation
# lxc-attach -n infra1_utility_container-72d28be9
# source openrc
# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
# openstack network create selfservice
# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 40.0.0.1 --subnet-range 40.0.0.0/24 subnet-selfservice
# openstack network list
# openstack server create --flavor m1.nano --image cirros --nic net-id=5bbf071e-0540-41a3-8318-38903397484b test
# openstack server list
### Browse directly to https://192.168.200.11
Troubleshooting
- apt update warning
W: GPG error: http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5EDB1B62EC4926EA
E: The repository 'http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release' is not signed.
Solution
# apt install ubuntu-cloud-keyring
- git cache scripts
### Clone script
# cat gitclone.py
import os, yaml, subprocess, logging

yml_path = "/opt/openstack-ansible/playbooks/defaults/repo_packages/"
git_path = "/opt/git/openstack/"

def exec_clone(url, path):
    # Clone one repository into the local git cache; failures go to error.log.
    if url:
        print(url + " -> " + git_path + path)
        # Argument list instead of shell=True, so the URL is never parsed by a shell.
        if subprocess.call(["git", "clone", url, git_path + path]):
            logging.error(url + " git clone failed!")

def analysis_dict(data):
    # Every string value that starts with https://git is treated as a repository URL.
    for value in data.values():
        if isinstance(value, str):
            if value.startswith("https://git"):
                exec_clone(value, value[value.rfind("/") + 1:])

def analysis_yml(name):
    # safe_load_all parses plain YAML only and never constructs arbitrary Python objects.
    with open(yml_path + name, 'r') as f:
        for datas in yaml.safe_load_all(f):
            if isinstance(datas, dict):
                analysis_dict(datas)
            elif isinstance(datas, list):
                for data in datas:
                    analysis_dict(data)
            else:
                print(name + " error format")

if __name__ == '__main__':
    logging.basicConfig(filename='error.log')
    for name in os.listdir(yml_path):
        if name.endswith(".yml"):
            analysis_yml(name)
### Branch checkout script
# cat gitcheckout.py
import os, logging, subprocess

git_path = "/opt/git/openstack/"
# Repositories checked out to stable/newton.
dirs_stable = [
    "ceilometer",
    "nova-lxd",
    "ironic-ui",
    "keystone",
    "cinder",
    "requirements",
    "neutron-vpnaas",
    "nova-powervm",
    "neutron-lbaas",
    "ironic",
    "magnum-ui",
    "glance",
    "sahara-dashboard",
    "heat",
    "horizon",
    "aodh",
    "sahara",
    "neutron-fwaas",
    "neutron",
    "neutron-dynamic-routing",
    "nova",
    "swift",
    "magnum"]
# Repositories checked out to master (gnocchi and felix use their own branches, see below).
dirs_master = [
    "felix",
    "gnocchi",
    "neutron-lbaas-dashboard",
    "tempest",
    "rally",
    "networking-calico",
    "novnc",
    "spice-html5"]

def exec_checkout(name, master):
    # Select the branch for this repository.
    if master:
        if name == 'gnocchi':
            branch = "stable/3.0"
        elif name == 'felix':
            branch = "1.4.x-series"
        else:
            branch = "master"
    else:
        branch = "stable/newton"
    print("git checkout " + branch + " " + name)
    # Run git inside the repository directory; no shell is involved.
    if subprocess.call(["git", "checkout", branch], cwd=git_path + name):
        logging.error(" git checkout " + branch + " " + name + " failed!")

if __name__ == '__main__':
    logging.basicConfig(filename='error.log')
    for name in dirs_master:
        exec_checkout(name, True)
    for name in dirs_stable:
        exec_checkout(name, False)
- Missing deb packages in the local APT mirror
Method 1: use the command
apt-get download $(apt-rdepends "${package}" | grep -v ^\ )
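This downloads the packages automatically; replace "${package}" with the package name.
Method 2: download manually with wget
- Enter the package keyword in the Search package directories field, then click search
- On the search results page, choose the matching Ubuntu release from the package XXX list
- On the package page, choose the matching hardware architecture in the Download XXX section
- This finally gives the package's download subdirectory, for example pool/main/g/gdbm/
- Then, on a spare machine, run apt install XXX to see which package version the system installs
### Add the missing deb packages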
# cd /var/www/ubuntu-repo/
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/auditd_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/libauparse0_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/a/audit/audispd-plugins_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libp/libprelude/libprelude2v5_1.0.0-11.7ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide_0.16~a2.git20130520-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile1_1.09-6ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile-bin_1.09-6ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.37_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/postfix/postfix_3.1.0-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsd-mailx/bsd-mailx_8.1.2-0.20160123cvs-2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide-common_0.16~a2.git20130520-3_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/t/timelimit/timelimit_1.8.1-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libt/libtomcrypt/libtomcrypt0_1.17-7_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/c/chrony/chrony_2.1.1-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libt/libtommath/libtommath0_0.42.0-1.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libf/libfile-fnmatch-perl/libfile-fnmatch-perl_0.02-2build2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/d/debsums/debsums_2.1.2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/logrotate/logrotate_3.8.7-2ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/apparmor/apparmor-profiles_2.10.95-0ubuntu2.6_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/u/ubuntu-cloud-keyring/ubuntu-cloud-keyring_2012.08.14_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python-apt-common_1.1.0~beta1build1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/iso-codes/iso-codes_3.65-1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xz-utils/xz-utils_5.1.1alpha%2b20120614-2ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/libevent/libevent-2.0-5_2.0.21-stable-2ubuntu0.16.04.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl_5.22.1-9_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl-modules-5.22_5.22.1-9_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/libperl5.22_5.22.1-9_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rename/rename_0.20-4_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gdbm/libgdbm3_1.8.3-13.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/mpfr4/libmpfr4_3.1.4-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.18.4ubuntu1.1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/patch/patch_2.7.5-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/readline5/libreadline5_5.2%2bdfsg-3build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pygobject/python3-gi_3.20.0-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/gir1.2-glib-2.0_1.46.0-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-python/python3-dbus_1.2.0-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python3-apt_1.1.0~beta1build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/libgirepository-1.0-1_1.46.0-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.48.2-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.10.6-1ubuntu3.3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-glib/libdbus-glib-1-2_0.106-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/psmisc/psmisc_22.21-2.1build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gawk/gawk_4.1.3%2bdfsg-0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lsof/lsof_4.89%2bdfsg-0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rsync/rsync_3.1.1-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libs/libsigsegv/libsigsegv2_2.10-4_amd64.deb
# wget http://repo.percona.com/apt/pool/main/q/qpress/qpress_11-1.xenial_amd64.deb
# wget http://repo.percona.com/apt/pool/main/p/percona-xtrabackup-22/percona-xtrabackup-22_2.2.13-1.vivid_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/e/erlang/erlang-base-hipe_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-crypto_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-syntax-tools_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lksctp-tools/libsctp1_1.0.16%2bdfsg-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/c/curl/curl_7.47.0-1ubuntu2.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git_2.7.4-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git-man_2.7.4-0ubuntu1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/liberror-perl/liberror-perl_0.17-1.2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/gettext-base_0.19.7-2ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libx/libxml2/libxml2_2.9.3%2bdfsg1-1ubuntu0.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/icu/libicu55_55.1-7ubuntu0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/libasprintf0v5_0.19.7-2ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libp/libpipeline/libpipeline1_1.4.1-2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsdmainutils/bsdmainutils_9.0.6ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/groff/groff-base_1.22.3-7_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/sgml-base/sgml-base_1.26%2bnmu4ubuntu1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xml-core/xml-core_0.13%2bnmu2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnetfilter-conntrack/libnetfilter-conntrack3_1.0.5-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-3-200_3.2.27-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-genl-3-200_3.2.27-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/n/net-snmp/libsnmp30_5.7.3%2bdfsg-1ubuntu4_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pciutils/libpci3_3.3.1-1.1ubuntu1.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pycurl/python3-pycurl_7.43.0-1ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/man-db/man-db_2.7.5-1_amd64.deb
- haproxy tcp forwarding configuration
# cat /opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml
haproxy_default_services:
  - service:
      haproxy_service_name: galera
      haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
      haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
      haproxy_port: 3306
      haproxy_balance_type: tcp
      haproxy_timeout_client: 5000s
      haproxy_timeout_server: 5000s
      haproxy_backend_options:
        - "mysql-check user {{ galera_monitoring_user }}"
      haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"
  - service:
      haproxy_service_name: glance_api
      haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 9292
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: glance_registry
      haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 9191
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
      haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}"
  - service:
      haproxy_service_name: gnocchi
      haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"
      haproxy_port: 8041
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: heat_api_cfn
      haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
      haproxy_port: 8000
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: heat_api_cloudwatch
      haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
      haproxy_port: 8003
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: heat_api
      haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
      haproxy_port: 8004
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: keystone_service
      haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
      haproxy_port: 5000
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: keystone_admin
      haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
      haproxy_port: 35357
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
      haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}"
  - service:
      haproxy_service_name: neutron_server
      haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
      haproxy_port: 9696
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: nova_api_metadata
      haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
      haproxy_port: 8775
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
      haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"
  - service:
      haproxy_service_name: nova_api_os_compute
      haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 8774
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: nova_console
      haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: "{{ nova_console_port }}"
      haproxy_balance_type: tcp
      haproxy_timeout_client: 60m
      haproxy_timeout_server: 60m
      haproxy_balance_alg: source
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: cinder_api
      haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 8776
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: horizon
      haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 443
      haproxy_balance_type: tcp
      haproxy_balance_alg: source
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: sahara_api
      haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_alg: source
      haproxy_port: 8386
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: swift_proxy
      haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_balance_alg: source
      haproxy_port: 8080
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: ceilometer_api
      haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 8777
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: aodh_api
      haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 8042
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
  - service:
      haproxy_service_name: ironic_api
      haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 6385
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - "httpchk GET /"
  - service:
      haproxy_service_name: rabbitmq_mgmt
      haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 15672
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
      haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"
  - service:
      haproxy_service_name: magnum
      haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
      haproxy_ssl: "{{ haproxy_ssl }}"
      haproxy_port: 9511
      haproxy_balance_type: tcp
      haproxy_backend_options:
        - tcp-check
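- Virtual machine creation fails
### Error: No valid host was found. There are not enough hosts available.
Solution
### 1. The OpenStack host names must not be identical and must match the host names set in /etc/openstack_deploy/openstack_user_config.yml, for example infra1, compute1, storage1 (they might be allowed to be the same; to be verified)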
# lxc-attach -n infra1-utility-container-9976aa24
### Make sure the services and resources meet the requirements, for example that enough memory is available
# nova service-list
# nova hypervisor-stats