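Session A: OpenStack Platform Deployment and Operations
Business scenario:
An enterprise plans to use OpenStack to build an enterprise cloud platform for deploying all kinds of enterprise applications that serve external and internal users. The cloud platform provides IT resource pooling, elastic allocation, centralized management, performance optimization and unified security authentication. The system architecture is shown in the figure below:
The enterprise cloud platform is built on the two cloud servers provided by the competition platform, configured as shown in the table below:
Device name | Hostname | Interfaces | IP address |
---|---|---|---|
Cloud server 1 | controller | eth0,eth1 | Private network: 192.168.100.10/24 Private network: 192.168.200.10/24 |
Cloud server 2 | compute | eth0,eth1 | Private network: 192.168.100.20/24 Private network: 192.168.200.20/24 |
Notes:
1. Contestants check for themselves that the workstation PC hardware and network are working;
2. The competition runs in cluster mode. Each team is given a Huawei Cloud account and password and an exam-system account and password. Contestants log in to Huawei Cloud and to the exam system with the respective username and password;
3. The software packages used in the exam are all under /opt on the cloud host.
4. The public and private IPs in Table 1 are whatever your own cloud host shows; each person's public and private IPs differ. Use third-party software to connect to the cloud host remotely, connecting via the public IP.
Task 1: Private cloud platform environment initialization (5 points)
1. Initialize the operating system
The control node's hostname is controller and the compute node's hostname is compute. Modify the hosts file to map the IP addresses to the hostnames, and use a single command to stop firewalld and keep it from starting at boot.
Submit the output of the cat /etc/hosts command to the answer box. [2 points]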
cat /etc/hosts
192.168.100.10 controller
192.168.100.20 compute
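Procedure:
controller node
hostnamectl set-hostname controller
#Edit the host mapping
vi /etc/hosts
192.168.100.10 controller
192.168.100.20 compute
#Stop the firewall and disable it at boot
systemctl stop firewalld && systemctl disable firewalld
#Security policy
setenforce 0
vi /etc/selinux/config
SELINUX=permissive
compute node
hostnamectl set-hostname compute
#Edit the host mapping
vi /etc/hosts
192.168.100.10 controller
192.168.100.20 compute
#Stop the firewall and disable it at boot
systemctl stop firewalld && systemctl disable firewalld
#Security policy
setenforce 0
vi /etc/selinux/config
SELINUX=permissive
2. Mount the installation ISO images
Copy the provided CentOS-7-x86_64-DVD-1804.iso and bricsskills_cloud_iaas.iso images to the /root directory on the controller node, then use commands to create the /centos and /iaas directories under /opt, mount the image file CentOS-7-x86_64-DVD-1804.iso on /centos, and mount the image file bricsskills_cloud_iaas.iso on /iaas.
Submit the output of the ls /opt/iaas/ command to the answer box. [1 point]
(The image was not copied; the one from the provincial competition can be used instead.)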
[root@controller ~]# ls /opt/iaas/
iaas-repo images
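Procedure:
controller node
#Create the directories
mkdir /opt/centos
mkdir /opt/iaas
#Mount the images
mount CentOS-7-x86_64-DVD-1804.iso /opt/centos/
mount chinaskills_cloud_iaas.iso /opt/iaas/
3. Configure the yum repositories
Move the existing yum repository files on the controller and compute nodes to the /home directory. Create a local yum repository for the controller node, with the repository file named local.repo; create an ftp repository for the compute node, with the repository file named ftp.repo, where the ftp server is the controller node. Do not write an IP address when configuring the ftp repository.
Submit the contents of ftp.repo to the answer box. [0.5 points]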
[root@compute ~]# cat /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
Procedure:
controller node
mv /etc/yum.repos.d/* /home/
#Write the local yum repository file
vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas/iaas-repo
gpgcheck=0
enabled=1
compute node
mv /etc/yum.repos.d/* /home/
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
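4. Set up the file-sharing server
Install the vsftp service on the controller node and enable it at boot; set the /opt directory as the shared directory and restart the service for the change to take effect.
Submit the lines modified in the vsftp configuration file to the answer box. [0.5 points]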
[root@controller ~]# cat /etc/vsftpd/vsftpd.conf
anon_root=/opt/
controller node
#Install vsftp
yum install -y vsftpd
#Edit the configuration file
vi /etc/vsftpd/vsftpd.conf
anon_root=/opt/
#Start the service
systemctl start vsftpd
systemctl enable vsftpd
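5. System tuning: dirty-data writeback
Dirty data exists in Linux system memory, and by default the system generally writes dirty data back to disk after 30 seconds. Modify the configuration file to temporarily adjust the writeback time to 60 seconds.
Submit the output of the sysctl -p command to the answer box. [1 point]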
[root@controller ~]# sysctl -p
vm.dirty_expire_centisecs = 6000
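Procedure:
#Kernel parameters are generally exposed under /proc/sys/; the dirty-data writeback setting is /proc/sys/vm/dirty_expire_centisecs
#sysctl -p reads /etc/sysctl.conf by default and applies its settings to the files under /proc/sys; to load a different file, specify it explicitly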
vi /etc/sysctl.conf
vm.dirty_expire_centisecs= 6000
sysctl -p
vm.dirty_expire_centisecs = 6000
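Task 2: OpenStack deployment tasks (10 points)
Use the actual root password
1. Modify the variables file
Install the iaas-xiandian package on the control node and on the compute node, and modify the basic variables in the configuration script file (/etc/xiandian/openrc.sh). After modifying it, use a command to make the variables file take effect, and then run the echo $INTERFACE_IP command.
Submit the output of the echo $INTERFACE_IP command to the answer box. [0.5 points]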
[root@controller ~]# echo $INTERFACE_IP
192.168.100.10
[root@compute ~]# echo $INTERFACE_IP
192.168.100.20
Procedure:
controller
yum install -y iaas-xiandian
vi /etc/xiandian/openrc.sh
#Copy the configuration file to the compute node
scp /etc/xiandian/openrc.sh root@compute:/etc/xiandian/openrc.sh
#Make the configuration file take effect
source /etc/xiandian/openrc.sh
echo $INTERFACE_IP
192.168.100.10
compute
yum install -y iaas-xiandian
#Change INTERFACE_IP in the configuration file to the compute node's IP
source /etc/xiandian/openrc.sh
echo $INTERFACE_IP
192.168.100.20
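2. Run the iaas-pre-host.sh script on the controller node and on the compute node
Submit the command that runs the sh file to the answer box. [1 point]
iaas-pre-host.sh
3. Set up the database components
Run the iaas-install-mysql.sh script; on the controller node it installs mariadb, memcached, rabbitmq and other services and completes the related configuration by itself. After it finishes, modify the configuration file to change the memcached maximum number of connections to 2048.
Submit the output of the ps aux | grep memcached command to the answer box. [1 point]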
[root@controller sysconfig]# ps aux | grep memcached
memcach+ 25218 0.0 0.1 443040 4212 ? Ssl 16:36 0:00 /usr/bin/memcached -p 11211 -u memcached -m
root 25232 0.0 0.0 112720 984 pts/1 S+ 16:36 0:00 grep --color=auto memcached
Procedure:
#Run the script
iaas-install-mysql.sh
#Edit the configuration file
cd /etc/sysconfig/
vi memcached
MAXCONN="2048"
#Restart the service
systemctl restart memcached
#Check
ps aux | grep memcached
memcach+ 25218 0.0 0.1 443040 4212 ? Ssl 16:36 0:00 /usr/bin/memcached -p 11211 -u memcached -m 64 -c 2048 -l 127.0.0.1,::1,controller
root 25232 0.0 0.0 112720 984 pts/1 S+ 16:36 0:00 grep --color=auto memcached
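4. Set up the identity service component
Run the iaas-install-keystone.sh script; on the controller node it installs the keystone service and completes the related configuration by itself. Afterwards, use the openstack command to view the current user list.
Submit the openstack command that views the user list to the answer box. [1 point]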
[root@controller sysconfig]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| c75f855190ab4f50b9b7175ea8a90b44 | admin |
| fb61c950d2874cafaff6e57f406e103b | demo |
+----------------------------------+-------+
Procedure:
#Run the install script
iaas-install-keystone.sh
#Load the admin credentials
source /etc/keystone/admin-openrc.sh
#View the user list
openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| c75f855190ab4f50b9b7175ea8a90b44 | admin |
| fb61c950d2874cafaff6e57f406e103b | demo |
+----------------------------------+-------+
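5. Set up the image service component
Run the iaas-install-glance.sh script; on the controller node it installs the glance service and completes the related configuration by itself. Afterwards, use the openstack command to upload cirros-0.3.4-x86_64-disk.img from the /root directory on the controller node and name the image cirros.
Submit the image upload command and its output to the answer box. [1 point]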
[root@controller sysconfig]# openstack image create cirros --disk-format qcow2 --container bare --file /root/cirros-0.3.4-x86_64-disk.img
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-10-08T08:56:01Z |
| disk_format | qcow2 |
| file | /v2/images/70344b58-7c4f-43b0-b5de-15dd898d1293/file |
| id | 70344b58-7c4f-43b0-b5de-15dd898d1293 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | e6dc2936211947c3b924187b48ffa8fb |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2022-10-08T08:56:01Z |
| virtual_size | None |
| visibility | shared |
+------------------+------------------------------------------------------+
Procedure:
#Run the script
iaas-install-glance.sh
#Upload the image
openstack image create cirros --disk-format qcow2 --container bare --file /root/cirros-0.3.4-x86_64-disk.img
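6. Set up the compute service component
Run iaas-install-nova-controller.sh on the controller node and iaas-install-nova-compute.sh on the compute node; the scripts install the nova service and complete the related configuration by themselves. Then use a command to list the nodes that can provide compute resources.
Submit the output of the nova service-list command to the answer box. [2 points]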
[root@controller sysconfig]# nova service-list
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| c6a665b2-2cd7-44ca-9d75-32e7da6f4acf | nova-scheduler | controller | internal | enabled | up | 2022-10-08T09:07:15.000000 | - | False |
| ce9d4037-9d16-4f16-8bbd-7015ddc74345 | nova-consoleauth | controller | internal | enabled | up | 2022-10-08T09:07:15.000000 | - | False |
| 8697a2e3-e5da-4f53-bc0d-e56f338027a5 | nova-conductor | controller | internal | enabled | up | 2022-10-08T09:07:16.000000 | - | False |
| fc6eb5ca-c245-47f6-b9d9-24426f269e3f | nova-compute | compute | nova | enabled | up | 2022-10-08T09:07:19.000000 | - | False |
| 1bd34d8c-ff2a-4c64-b426-a41dacf04bc2 | nova-compute | controller | nova | enabled | up | 2022-10-08T09:07:22.000000 | - | False |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
Procedure:
controller
iaas-install-nova-controller.sh
#Edit the configuration file
vi /etc/xiandian/openrc.sh
iaas-install-nova-compute.sh
#Change the configuration file back after the edit
compute
iaas-install-nova-compute.sh
controller:
nova service-list
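7. Set up the network component and initialize the networks
Run iaas-install-neutron-controller.sh on the controller node and iaas-install-neutron-compute.sh on the compute node; the scripts install the neutron service and complete the configuration by themselves. Create the cloud-host external network ext-net with subnet ext-subnet, where the floating-IP range available to cloud hosts is 192.168.10.100 ~ 192.168.10.200 and the gateway is 192.168.10.1. Create the cloud-host internal network int-net1 with subnet int-subnet1, where the subnet IP range available to cloud hosts is 10.0.0.100 ~ 10.0.0.200 and the gateway is 10.0.0.1; create the cloud-host internal network int-net2 with subnet int-subnet2, where the subnet IP range available to cloud hosts is 10.0.1.100 ~ 10.0.1.200 and the gateway is 10.0.1.1. Add a router named ext-router, set its gateway on the ext-net network, and add an internal port on the int-net1 network, so that the internal network int-net1 is connected to the external network.
Complete the tasks above with openstack commands, then submit the commands and their output to the answer box. [3 points]
#Run the corresponding script on each of the two nodes
#Create the external network and bind its subnet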
openstack network create ext-net --provider-physical-network provider --external --enable-port-security --enable --provider-network-type flat
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-10-09T02:59:57Z |
| description | |
| dns_domain | None |
| id | 01fb1dc8-66f3-4045-84dc-cdc0cb69bede |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | ext-net |
| port_security_enabled | True |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 5 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-10-09T02:59:57Z |
+---------------------------+--------------------------------------+
openstack subnet create ext-subnet --network ext-net --dhcp --gateway 192.168.10.1 --subnet-range 192.168.10.0/24 --allocation-pool start=192.168.10.100,end=192.168.10.200
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.10.100-192.168.10.200 |
| cidr | 192.168.10.0/24 |
| created_at | 2022-10-09T03:01:56Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.10.1 |
| host_routes | |
| id | 4b633ced-be54-4af4-a536-8f94f0c694bf |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | ext-subnet |
| network_id | 01fb1dc8-66f3-4045-84dc-cdc0cb69bede |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-10-09T03:01:56Z |
+-------------------+--------------------------------------+
#Create internal networks 1 and 2 and bind their subnets
openstack network create --internal int-net1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-10-09T03:02:27Z |
| description | |
| dns_domain | None |
| id | 43b5b4a9-1846-4489-8521-acdf2f96453e |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | int-net1 |
| port_security_enabled | True |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 161 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-10-09T03:02:27Z |
+---------------------------+--------------------------------------+
[root@controller ~]# openstack network create --internal int-net2
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-10-09T03:02:31Z |
| description | |
| dns_domain | None |
| id | ea39aff1-bd51-443b-83e9-c573812a1dd7 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | int-net2 |
| port_security_enabled | True |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 195 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-10-09T03:02:31Z |
+---------------------------+--------------------------------------+
[root@controller ~]# openstack subnet create int-subnet1 --network int-net1 --dhcp --gateway 10.0.0.1 --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.100,end=10.0.0.200
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.0.0.100-10.0.0.200 |
| cidr | 10.0.0.0/24 |
| created_at | 2022-10-09T03:05:35Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | d56b1e12-c37a-4ba1-9323-249b0e74e8b3 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | int-subnet1 |
| network_id | 43b5b4a9-1846-4489-8521-acdf2f96453e |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-10-09T03:05:35Z |
+-------------------+--------------------------------------+
[root@controller ~]# openstack subnet create int-subnet2 --network int-net2 --dhcp --gateway 10.0.1.1 --subnet-range 10.0.1.0/24 --allocation-pool start=10.0.1.100,end=10.0.1.200
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.0.1.100-10.0.1.200 |
| cidr | 10.0.1.0/24 |
| created_at | 2022-10-09T03:06:02Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.1.1 |
| host_routes | |
| id | 3c8fbeb8-c4ec-41d4-b2d2-eac146b82eac |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | int-subnet2 |
| network_id | ea39aff1-bd51-443b-83e9-c573812a1dd7 |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-10-09T03:06:02Z |
+-------------------+--------------------------------------+
#Create the router and connect it to the external network
[root@controller ~]# openstack router create ext-router --enable
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-10-09T03:07:38Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | b6ec9db2-2a00-438f-bd07-fa433647d0d4 |
| name | ext-router |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2022-10-09T03:07:38Z |
+-------------------------+--------------------------------------+
[root@controller ~]# openstack router set ext-router --external-gateway ext-net --enable-snat
[root@controller ~]# openstack router add subnet ext-router int-subnet1
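Task 3: OpenStack operations tasks
1. Use the OpenStack graphical interface to create an image named nginx, using nginx-centos.qcow2 as the source
Submit a screenshot of the image to the answer box. [1 point]
Steps:
Log in to OpenStack and create an image with nginx-centos.qcow2 as the source image and nginx as the name; the image is then created.
2. Use commands to create a security group named group_web whose description is the workstation number, add rules to the security group that allow any IP address to access the web, and write the command that adds SSH (22) access.
Submit the command that adds SSH (22) access to the answer box. [1 point]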
[root@controller ~]# openstack security group rule create group_web --ingress --dst-port 22:22 --remote-ip 0.0.0.0/24
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-10-09T03:48:08Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 03c7ce48-4ada-4f9d-bd0c-c80454d57f94 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | e6dc2936211947c3b924187b48ffa8fb |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/24 |
| revision_number | 0 |
| security_group_id | 9c74fd04-d37a-4501-9632-05d82388ac59 |
| updated_at | 2022-10-09T03:48:08Z |
+-------------------+--------------------------------------+
Procedure:
#Create the security group group_web
openstack security group create group_web --project demo --description 31
#Allow any IP to access the web
openstack security group rule create group_web --ingress --dst-port 80:80 --remote-ip 0.0.0.0/24 --protocol tcp
openstack security group rule create group_web --ingress --dst-port 443:443 --remote-ip 0.0.0.0/24 --protocol tcp
#Allow access to port 22
openstack security group rule create group_web --ingress --dst-port 22:22 --remote-ip 0.0.0.0/24
3. Create a flavor named nginx with 1 VCPU, 1024 MB of memory and a 10 GB root disk
Submit the openstack command to the answer box. [1 point]
[root@controller ~]# nova flavor-create nginx 1 1024 10 1
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | Description |
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| 1 | nginx | 1024 | 10 | 0 | | 1 | 1.0 | True | - |
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
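5. Modify the relevant configuration to turn off shared memory on the nginx cloud host's system and turn on transparent huge pages, and, to keep the nginx cloud host secure, configure it so that other nodes cannot ping it
Submit the output of the sysctl -p command to the answer box. [1 point]
Procedure: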
vi /etc/sysctl.conf
kernel.shmmax = 0
kernel.shmall = 0
kernel.shmmni = 0
net.ipv4.icmp_echo_ignore_all = 1
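6. Using the ceilometer component, query the CPU usage of the nginx cloud host from the command line.
Submit the output of the gnocchi metric list command to the answer box. [1 point]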
ceilometer meter-list
+---------------------------------------------+------------+-----------+-----------------------------------------------------------------------+----------------------------------+----------------------------------+
| Name | Type | Unit | Resource ID | User ID | Project ID |
+---------------------------------------------+------------+-----------+-----------------------------------------------------------------------+----------------------------------+----------------------------------+
| cpu | cumulative | ns | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| cpu_util | gauge | % | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.allocation | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.capacity | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.allocation | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.capacity | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.read.bytes | cumulative | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.read.bytes.rate | gauge | B/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.usage | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.write.bytes | cumulative | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.write.bytes.rate | gauge | B/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.bytes | cumulative | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.bytes.rate | gauge | B/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.requests | cumulative | request | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.requests.rate | gauge | request/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.total.size | gauge | GB | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.usage | gauge | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.bytes | cumulative | B | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.bytes.rate | gauge | B/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.requests | cumulative | request | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.requests.rate | gauge | request/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| instance | gauge | instance | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| memory | gauge | MB | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| memory.usage | gauge | MB | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.bytes | cumulative | B | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.bytes.rate | gauge | B/s | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.drop | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.error | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.rate | gauge | packet/s | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.bytes | cumulative | B | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.bytes.rate | gauge | B/s | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.drop | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.error | cumulative | packet | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.rate | gauge | packet/s | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| poweron | gauge | N/A | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| vcpus | gauge | vcpu | 823bf8b4-96b4-4614-ab0e-49fba80bd13d | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
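Procedure:
#Install the ceilometer component on each node
controller: iaas-install-ceilometer-controller.sh
compute: iaas-install-ceilometer-compute.sh
7. Use the command line to create a snapshot of the nginx cloud host named nginx_snap, and use qemu commands to query the detailed properties of the snapshot disk.
Submit the output of the qemu-img info nginx_snap.qcow2 command to the answer box. [2 points]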
[root@controller images]# qemu-img info 5eae1a37-7ae9-4c4a-98c5-f477183eb818
image: 5eae1a37-7ae9-4c4a-98c5-f477183eb818
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 1.7G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
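Procedure:
#Look up the cloud host id
nova list
#Create the snapshot
nova image-create b8095ceb-005c-4ca8-88be-dbdd7bec39ac "nginx_snap"
#Go to the glance backend directory
cd /var/lib/glance/images
#After finding the snapshot id, view its detailed properties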
qemu-img info 5eae1a37-7ae9-4c4a-98c5-f477183eb818
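8. Run the iaas-install-cinder-controller.sh and iaas-install-cinder-compute.sh scripts to install the cinder service on the controller and compute nodes and complete the configuration. Create a volume type named lvm and create an extra-spec key-value pair for it, so that the lvm volume type corresponds to the storage resources managed by the cinder lvm backend driver. Create a volume named lvm_test tagged with this volume type, and query the volume's details.
Submit the output of the cinder show lvm_test command to the answer box. [2 points]
9. Attach this volume to the nginx cloud host and format it as xfs. Mount it permanently on the /opt directory, and create a file whose name is the workstation number and whose content is the workstation number.
Submit the output of cat /etc/fstab to the answer box. [1 point]
Procedure:
#Attach the volume to the nginx host
openstack server add volume nginx lvm_test
#Format the volume as xfs
mkfs.xfs /dev/vdb
#Mount permanently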
vi /etc/fstab
/dev/vdb /opt xfs defaults 0 0
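10. Write a server_volume.yaml file and use the heat component to automate deployment: launch one cloud host with hostname my_server_1, image nginx, flavor nginx and network int-net1; create a 1 GB volume and attach it to my_server_1
Submit the contents of the server_volume.yaml file to the answer box. [3 points]
Session B: Container Orchestration and Operations
Device name | Hostname | Interface | IP address |
---|---|---|---|
Virtual machine 1 | master | ens33 | 192.168.200.162 |
Virtual machine 2 | node1 | ens33 | 192.168.200.163 |
Virtual machine 3 | node2 | ens33 | 192.168.200.164 |
Virtual machine 4 | node3 | ens33 | 192.168.200.165 |
Task 1: Container cloud platform environment initialization (5 points)
1. Initialize the container cloud platform
Following the IP address plan in Table 2, create the cloud servers using the image CentOS_7.5_x86_64_XD.qcow and make sure the network communicates normally. Set the node hostnames according to Table 1 and turn off swap, permanently disable selinux and the firewall, and modify the hosts mapping.
Submit the contents of the master node's hosts file to the answer box. [1 point]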
vi /etc/hosts
192.168.200.162 master
192.168.200.163 node1
192.168.200.164 node2
192.168.200.165 harbor
Procedure:
master
On the other nodes only the hostname changes; the remaining commands are the same
hostnamectl set-hostname master
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
swapoff -a
systemctl stop firewalld
systemctl disable firewalld
vi /etc/hosts
192.168.200.162 master
192.168.200.163 node1
192.168.200.164 node2
192.168.200.165 harbor
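2. Persistent mounting of the Yum repository data
Move the provided CentOS-7-x86_64-DVD-1804.iso and bricsskills_cloud_paas.iso images to the /root directory on the master node, then use commands to create the /centos and /paas directories under /opt, permanently mount the image file CentOS-7-x86_64-DVD-1804.iso on /centos, and permanently mount the image file bricsskills_cloud_paas.iso on /paas.
Submit the output of cat /etc/fstab to the answer box. [1 point]
If bricsskills_cloud_paas.iso is not available, chinaskil can be used as well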
cat /etc/fstab
/root/CentOS-7-x86_64-DVD-1804.iso /opt/centos iso9660 defaults 0 0
/root/chinaskills_cloud_paas.iso /opt/paas iso9660 defaults 0 0
Procedure:
mkdir /opt/centos
mkdir /opt/paas
mount CentOS-7-x86_64-DVD-1804.iso /opt/centos
mount chinaskills_cloud_paas.iso /opt/paas
vi /etc/fstab
/root/CentOS-7-x86_64-DVD-1804.iso /opt/centos iso9660 defaults 0 0
/root/chinaskills_cloud_paas.iso /opt/paas iso9660 defaults 0 0
mount -a
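3. Write the Yum repository files
Set up a local yum repository for the master node with the repository file named local.repo, install the ftp service and set the ftp root to /opt/. Configure an ftp repository for node1 and node2 with the repository file named ftp.repo, where the ftp server is the master node. Do not write an IP address when configuring the ftp repository.
Submit the contents of the ftp.repo file to the answer box. [1 point]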
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
Procedure:
master
mv /etc/yum.repos.d/* /etc/yum
vi /etc/yum.repos.d/centos.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=file:///opt/paas/kubernetes-repo
gpgcheck=0
enabled=1
#Install the vsftpd service
yum install -y vsftpd
vi /etc/vsftpd/vsftpd.conf
anon_root=/opt/
systemctl start vsftpd
systemctl enable vsftpd
iptables -F
iptables -X
iptables -Z
/usr/sbin/iptables-save
Other nodes
mv /etc/yum.repos.d/* /etc/yum
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
iptables -F
iptables -X
iptables -Z
/usr/sbin/iptables-save
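The ftp.repo files in both sessions set gpgcheck=0 and fetch packages over ftp, so yum installs whatever the ftp server returns without verifying a signature. The following is an added example, not part of the original write-up: a POSIX shell audit that reports such repositories. The second sample file and its gpgkey path (the key file a CentOS 7 install ships) are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not part of the original write-up.
# audit_repo FILE: print "<section> <finding>" for every enabled repository
# that installs unsigned packages or fetches them over cleartext ftp/http.
audit_repo() {
    awk '
        function flush() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0") print section, "gpgcheck-disabled"
            if (baseurl ~ /^(ftp|http):\/\//) print section, "cleartext-transport"
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*$/    { next }                  # blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                # a [section] header starts a new repo
            flush()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")                 # split key=value on the first "="
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { flush() }
    ' "$1"
}

# Sample 1: the ftp.repo shown on this page for the non-master nodes.
write_page_repo() {
    cat > "$1" <<'EOF'
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
EOF
}

# Sample 2 (constructed): signature checking switched on for [centos].
# The gpgkey path is an assumption; the page names no signing key for [k8s],
# so that repository is left as the page has it and is still reported.
write_signed_repo() {
    cat > "$1" <<'EOF'
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
EOF
}

demo_dir=$(mktemp -d)
write_page_repo "$demo_dir/ftp.repo"
write_signed_repo "$demo_dir/ftp-signed.repo"
echo "== ftp.repo as on the page =="
audit_repo "$demo_dir/ftp.repo"
echo "== with signature checking on [centos] =="
audit_repo "$demo_dir/ftp-signed.repo"
rm -rf "$demo_dir"
```

With gpgcheck=1 the ftp transport is still cleartext, but a package altered in transit or on the server fails signature verification instead of being installed.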
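4. Set up the time synchronization server
Deploy a chrony server on the master node, allow the other nodes to synchronize time from it, start the service and enable it at boot; on the other nodes, specify the master node as the upstream NTP server, restart the service and enable it at boot.
On the master node, submit the output of the cat /etc/chrony.conf | grep server command to the answer box. [1 point]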
[root@master ~]# cat /etc/chrony.conf | grep server
# Use public servers from the pool.ntp.org project.
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server master iburst
Procedure:
master
vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server master iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
allow 10.0.0.0/24
local stratum 10
systemctl restart chronyd
systemctl enable chronyd
Other nodes
vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server master iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
systemctl restart chronyd
systemctl enable chronyd
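Two settings on this page depend on what a CIDR prefix actually covers: the security-group rules in session A use the remote prefix 0.0.0.0/24 for "any IP address", and the chrony server above has allow 10.0.0.0/24 while the node table lists 192.168.200.x addresses. The following added example (not part of the original write-up) computes prefix ranges and membership in POSIX shell and checks both against addresses from the page; 203.0.113.7 is a constructed client address and 192.168.200.0/24 is an assumed prefix derived from the node table.

```bash
#!/bin/sh
# Added example, not part of the original write-up.
# Addresses must be plain dotted decimals without leading zeros.

# ip_to_int A.B.C.D: print the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N: print a 32-bit integer as a dotted address
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_mask BITS: print the netmask for a prefix length as an integer
cidr_mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    fi
}

# cidr_range NET/BITS: print "first-last" address matched by the prefix
cidr_range() (
    mask=$(cidr_mask "${1#*/}")
    first=$(( $(ip_to_int "${1%/*}") & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
)

# cidr_contains NET/BITS IP: exit status 0 if IP falls inside the prefix
cidr_contains() (
    mask=$(cidr_mask "${1#*/}")
    [ $(( $(ip_to_int "$2") & mask )) -eq $(( $(ip_to_int "${1%/*}") & mask )) ]
)

# covered NET/BITS IP...: print only the IPs that the prefix matches
covered() (
    cidr=$1
    shift
    for ip in "$@"; do
        if cidr_contains "$cidr" "$ip"; then
            echo "$ip"
        fi
    done
)

# Security group from session A: the rule prefix on the page versus the
# prefix that means "any IPv4 address".
echo "0.0.0.0/24 matches $(cidr_range 0.0.0.0/24)"
echo "0.0.0.0/0  matches $(cidr_range 0.0.0.0/0)"
for prefix in 0.0.0.0/24 0.0.0.0/0; do
    if cidr_contains "$prefix" 203.0.113.7; then
        echo "client 203.0.113.7 is admitted by $prefix"
    else
        echo "client 203.0.113.7 is NOT admitted by $prefix"
    fi
done

# chrony on master: which of the page's nodes does each allow prefix cover?
nodes="192.168.200.163 192.168.200.164 192.168.200.165"
echo "allow 10.0.0.0/24 covers: $(covered 10.0.0.0/24 $nodes | tr '\n' ' ')"
echo "allow 192.168.200.0/24 covers: $(covered 192.168.200.0/24 $nodes | tr '\n' ' ')"
```

A rule that opens port 22 to 0.0.0.0/0 is reachable from every IPv4 address, so for SSH the tighter choice is the prefix of the administration network rather than the default route.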
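5. Set up passwordless login
Set up passwordless login for the four servers so that the servers can log in to one another without a password.
Submit the passwordless-login commands to the answer box. [1 point]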
ssh-keygen
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
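Task 2: Kubernetes cluster setup (10 points)
1. Install Docker
Install docker-ce on all nodes. After installation, change Docker's cgroup driver to systemd and configure the Alibaba Cloud registry mirror address; once configured, restart the Docker service.
Submit the output of the docker version command in the answer box. [1 point]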
[root@master ~]# docker version
Client: Docker Engine - Community
Version: 19.03.13
API version: 1.40
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:03:45 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.13
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 4484c46d9d
Built: Wed Sep 16 17:02:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.3.7
GitCommit: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Procedure:
# Install dependencies
yum install -y yum-utils lvm2 device-mapper-*
# Install docker-ce
yum install -y docker-ce
systemctl start docker
systemctl enable docker
# Adjust the configuration
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
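2. Install docker-compose
On the Harbor node, install docker-compose using the file under /opt/paas/docker-compose/v1.25.5-docker-compose-Linux-x86_6. After installation, run the docker-compose version command.
Submit the output of the docker-compose version command in the answer box. [0.5 points]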
[root@harbor ~]# docker-compose version
docker-compose version 1.25.5, build 8a1c60f6
docker-py version: 4.1.0
CPython version: 3.7.5
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
Procedure:
# The docker-compose file can be copied from the master node to harbor
cp -rfv /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
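3. Set up the Harbor registry
On the Harbor node, use the offline installer package /opt/paas/harbor/harbor-offline-installer-v2.1.0.tgz to install the Harbor registry, and change the default Docker registry on every node to the Harbor registry address.
Submit the contents of daemon.json on the master node in the answer box. [2 points]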
cat /etc/docker/daemon.json
{
"insecure-registries" : ["192.168.200.165:5000"],
"registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
Procedure:
harbor:
# 1. Create the CA certificate
mkdir /cert/ -p
cd /cert/
# The following command creates the CA certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
# Press Enter through the prompts; at Common Name enter the IP or domain name
Common Name (eg, your name or your server's hostname) []:192.168.200.165
# 2. Generate the certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.200.165.key -out 192.168.200.165.csr
# Press Enter through the prompts; at Common Name enter the IP or domain name
Common Name (eg, your name or your server's hostname) []:192.168.200.165
# 3. Generate the certificate
echo subjectAltName = IP:192.168.200.165 > extfile.cnf
openssl x509 -req -days 365 -in 192.168.200.165.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.200.165.crt
# 4. Configure harbor.yml
tar -zxvf harbor-offline-installer-v2.0.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
# Edit harbor.yml and set the following keys
hostname: 192.168.200.165
https:
  port: 443
  certificate: /cert/192.168.200.165.crt   # location of the crt
  private_key: /cert/192.168.200.165.key   # location of the key
# 5. Prepare and install Harbor
./prepare
./install.sh
# Send the CA certificate to the other nodes
mkdir -p /etc/docker/certs.d/192.168.200.165
cp ca.crt /etc/docker/certs.d/192.168.200.165/ca.crt
systemctl restart docker
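The certificate steps above as an added example (not part of the original post): a non-interactive run that also verifies the result before ca.crt is distributed to the Docker nodes. It assumes openssl is installed; the 2048-bit key size, the CA subject "Harbor Lab CA" and the scratch directory are choices made for this sketch.

```shell
#!/bin/sh
# Added example: the CA / CSR / signing steps run non-interactively, followed by
# the checks to make before ca.crt goes into /etc/docker/certs.d/<registry>/.
# Assumptions: openssl is installed; 2048-bit keys and the CA subject
# "Harbor Lab CA" are choices made for this sketch, not values from the page.

REG_IP="192.168.200.165"   # registry address used on the page

# make_registry_cert DIR IP: write ca.key/ca.crt and IP.key/IP.csr/IP.crt into DIR.
make_registry_cert() {
    ( cd "$1" || exit 1
      ip=$2
      umask 077   # keep the private keys readable by their owner only
      openssl req -newkey rsa:2048 -nodes -sha256 -keyout ca.key \
          -x509 -days 365 -subj "/CN=Harbor Lab CA" -out ca.crt 2>/dev/null || exit 1
      openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$ip.key" \
          -subj "/CN=$ip" -out "$ip.csr" 2>/dev/null || exit 1
      echo "subjectAltName = IP:$ip" > extfile.cnf
      openssl x509 -req -days 365 -in "$ip.csr" -CA ca.crt -CAkey ca.key \
          -CAcreateserial -extfile extfile.cnf -out "$ip.crt" 2>/dev/null || exit 1
    )
}

# san_has_ip CERT IP: succeed only if the SAN extension lists exactly this IP.
san_has_ip() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk -v want="IP Address:$2" '
        /X509v3 Subject Alternative Name/ {
            if ((getline line) > 0) {
                n = split(line, part, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", part[i])
                    if (part[i] == want) found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }'
}

# check_registry_cert DIR IP: print each failed check; return non-zero if any fails.
check_registry_cert() {
    dir=$1 ip=$2 rc=0
    # 1. The server certificate must chain to the CA that the nodes will trust.
    openssl verify -CAfile "$dir/ca.crt" "$dir/$ip.crt" >/dev/null 2>&1 ||
        { echo "FAIL: $ip.crt does not chain to ca.crt"; rc=1; }
    # 2. Clients connect by IP, so the IP must be in the SAN, not only in the CN.
    san_has_ip "$dir/$ip.crt" "$ip" ||
        { echo "FAIL: SAN does not contain IP:$ip"; rc=1; }
    # 3. The private key configured in harbor.yml must belong to the certificate.
    cert_pub=$(openssl x509 -in "$dir/$ip.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/$ip.key" -pubout 2>/dev/null)
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $ip.key does not match $ip.crt"; rc=1; }
    return $rc
}

# Demo in a scratch directory (the page works in /cert).
demo_dir=$(mktemp -d)
if make_registry_cert "$demo_dir" "$REG_IP" && check_registry_cert "$demo_dir" "$REG_IP"; then
    echo "OK: $REG_IP.crt chains to ca.crt, lists IP:$REG_IP in its SAN and matches its key"
fi
rm -rf "$demo_dir"
```

Only ca.crt is copied to the other nodes; ca.key and the server key stay on the Harbor host.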
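4. Upload the Docker images
On the master node, use a command to load all images under /opt/paas/images into the local Docker. Then use /opt/paas/k8s_image_push.sh to push all images to the Docker registry; when prompted for an address, enter the IP address.
Submit the output of running k8s_image_push.sh in the answer box.
Procedure
# Load the images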
for i in $(ls /opt/paas/images|grep tar)
do
docker load -i /opt/paas/images/$i
done
cd /opt/paas/
./k8s_image_push.sh
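5. Install the kubeadm tools
Install the kubeadm tools on the master and on all node nodes and enable them at boot; after installation, use the rpm command with grep to check that the kubeadm tools are installed correctly.
Submit the output of the kubectl get nodes command in the answer box. [0.5 points]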
rpm -qa | grep ku
kubeadm-1.18.1-0.x86_64
kubectl-1.18.1-0.x86_64
kubelet-1.18.1-0.x86_64
Procedure:
yum -y install kubeadm-1.18.1 kubectl-1.18.1 kubelet-1.18.1
systemctl enable kubelet && systemctl start kubelet
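6. Install the master with kubeadm
Use the kubeadm command to generate a yaml file and edit it so that the Kubernetes internal virtual network range is 10.244.0.0/16. Initialize the master node from this yaml file, then use kube-flannel.yaml to complete the control-node initialization; afterwards use commands to view the cluster status and all pods.
Submit the output of the kubectl get nodes command in the answer box. [2 points]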
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 13s v1.18.1
Procedure:
# Enable IP forwarding (all nodes)
cat >> /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system   # apply the settings
# Generate the yaml file
kubeadm config print init-defaults > kubeadm-config.yaml
# 1. Change advertiseAddress to this host's IP
advertiseAddress: 192.168.200.162
# 2. Add under networking in the yaml file:
podSubnet: "10.244.0.0/16"
# 3. Optionally change the image repository address to speed up image pulls
imageRepository: registry.aliyuncs.com/google_containers
# Initialize the master node
kubeadm init --config kubeadm-config.yaml
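7. Remove the taint
Use a command to remove the taint from the master node so that Pods can also be scheduled onto it; after the operation succeeds, use grep to view the master node's taints.
Submit the command that removes the master node's taint in the answer box. [1 point]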
kubectl taint nodes master node-role.kubernetes.io/master-
Procedure
# Remove the taint
kubectl taint nodes master node-role.kubernetes.io/master-
# View the master's taints
kubectl describe nodes master |grep Taints
Taints: node.kubernetes.io/not-ready:NoExecute
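8. Install the Kubernetes network plugin
Use kube-flannel.yaml to install the Kubernetes network plugin; after installation, use a command to view the node status.
Submit the output of the kubectl get nodes command in the answer box. [0.5 points]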
[root@localhost paas]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 12m v1.18.1
Procedure:
master
kubectl apply -f /opt/paas/yaml/flannel/kube-flannel.yaml
[root@localhost paas]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 12m v1.18.1
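9. Install the Kubernetes graphical interface
Use recommended.yaml and dashboard-adminuser.yaml to install the Kubernetes dashboard, then view its home page.
Submit the output of the kubectl get pod,svc -n kubernetes-dashboard command in the answer box. [1 point]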
[root@master ~]# kubectl get pod,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-6b4884c9d5-9g89j 1/1 Running 0 22d
pod/kubernetes-dashboard-5585794759-7h42g 1/1 Running 0 22d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.102.214.55 <none> 8000/TCP 22d
service/kubernetes-dashboard NodePort 10.99.171.141 <none> 443:30000/TCP 22d
Procedure:
# Deploy the dashboard
mkdir dashboard-certs
cd dashboard-certs/
kubectl create namespace kubernetes-dashboard
openssl genrsa -out dashboard.key 2048
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
sed -i "s/kubernetesui/$IP\/library/g" /opt/yaml/dashboard/recommended.yaml
kubectl apply -f /opt/yaml/dashboard/recommended.yaml
kubectl apply -f /opt/yaml/dashboard/dashboard-adminuser.yaml
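# If the pods are not created successfully, adjust the image address
10. Add worker nodes
On all node nodes, use the kubeadm config command to generate a yaml file and use it to join the node to the Kubernetes cluster. Afterwards, view the status of all nodes on the master node.
Submit the output of the kubectl get nodes command in the answer box. [0.5 points]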
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 22d v1.18.1
node1 Ready <none> 22d v1.18.1
node2 Ready <none> 22d v1.18.1
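Procedure:
# Generate the configuration file for joining a node
kubeadm config print join-defaults > kubeadm-config.yaml
# Fields to change:
apiServerEndpoint: the address used to reach the apiserver, i.e. the master's API address; here it can be set to 192.168.200.162:6443. If the masters are deployed as a cluster, set it to the cluster VIP address instead
token and tlsBootstrapToken: the token used to connect to the master; it must match the token configured in InitConfiguration on the master
name: the name of the node. If a hostname is used, make sure the master can resolve it; otherwise use the IP address directly
# Join the node
kubeadm join --config kubeadm-config.yaml
# Check whether the nodes are Ready (on the controller)
kubectl get nodes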
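Task 3: Storage configuration (5 points)
1. NFS configuration
Install NFS on the master node and configure 6 shared directories; after starting the service, view the shared directories. Install the NFS client on each node node and view the shared directories.
Submit the output of the showmount -e master command in the answer box. [2 points]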
[root@node1 ~]# showmount -e master
Export list for master:
/nfs6 *
/nfs5 *
/nfs4 *
/nfs3 *
/nfs2 *
/nfs1 *
Procedure:
master
# Install the NFS packages
yum install -y nfs-utils rpcbind
# Add the 6 shared directories
vi /etc/exports
/nfs1 *(rw,sync,no_root_squash,no_subtree_check)
/nfs2 *(rw,sync,no_root_squash,no_subtree_check)
/nfs3 *(rw,sync,no_root_squash,no_subtree_check)
/nfs4 *(rw,sync,no_root_squash,no_subtree_check)
/nfs5 *(rw,sync,no_root_squash,no_subtree_check)
/nfs6 *(rw,sync,no_root_squash,no_subtree_check)
systemctl start nfs-server rpcbind
systemctl enable nfs-server rpcbind
Other nodes:
yum install -y nfs-utils
showmount -e master
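The exports above give every host (`*`) read-write access with no_root_squash, so root on any machine that can reach the server is root on the share. As an added example (not from the original post), this audit flags such entries in exports(5) text; the 192.168.200.0/24 subnet in the scoped sample is an assumption derived from the master address 192.168.200.162.

```shell
#!/bin/sh
# Added example: flag exports(5) entries whose client is the wildcard "*",
# with the highest severity for the "*" + no_root_squash combination used above.
# Assumption: plain exports text without line continuations or quoted paths.

# audit_exports: read exports text on stdin, print "path client finding" per problem.
audit_exports() {
    awk '
        function check(path, client, opts,    o) {
            if (client != "*") return           # only wildcard clients are reported
            o = "," opts ","
            if (o ~ /,no_root_squash,/)
                print path, client, "world-accessible+no_root_squash"
            else if (o ~ /,rw,/)
                print path, client, "world-writable"
            else
                print path, client, "world-readable"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            if (NF == 1) check($1, "*", "")     # no client listed: every host
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"  # bare "(opts)" applies to every host
                check($1, client, opts)
            }
        }'
}

# The six entries from the /etc/exports shown above.
PAGE_EXPORTS='/nfs1 *(rw,sync,no_root_squash,no_subtree_check)
/nfs2 *(rw,sync,no_root_squash,no_subtree_check)
/nfs3 *(rw,sync,no_root_squash,no_subtree_check)
/nfs4 *(rw,sync,no_root_squash,no_subtree_check)
/nfs5 *(rw,sync,no_root_squash,no_subtree_check)
/nfs6 *(rw,sync,no_root_squash,no_subtree_check)'

# Constructed alternative: clients limited to the node subnet (assumed to be
# 192.168.200.0/24) and root squashing left on.
SCOPED_EXPORTS='/nfs1 192.168.200.0/24(rw,sync,root_squash,no_subtree_check)
/nfs2 192.168.200.0/24(rw,sync,root_squash,no_subtree_check)'

# count_findings TEXT: number of findings for the given exports text.
count_findings() { printf '%s\n' "$1" | audit_exports | wc -l | tr -d ' '; }

printf '%s\n' "$PAGE_EXPORTS" | audit_exports
echo "page exports: $(count_findings "$PAGE_EXPORTS") findings," \
     "scoped exports: $(count_findings "$SCOPED_EXPORTS") findings"
```

With root_squash in place, the exported directories must be writable by the UID the Redis containers run as, otherwise the pods cannot write their data.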
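2. PV configuration
Each Redis Pod needs its own PV to store its data. Create a pv.yaml file containing 6 PVs, one for each of the 6 NFS shared directories.
Submit the contents of the yaml file in the answer box. [2 points]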
cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv1
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs1
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv2
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs2
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv3
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs3
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv4
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs4
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv5
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs5
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv6
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs6
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
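3. Create the ConfigMap
Create a ConfigMap object named redis-conf from the provided redis.conf configuration file; after creation, view the details of redis-conf.
Submit the output of the kubectl describe cm redis-conf command in the answer box. [0.5 points]
[root@master yaml]# kubectl describe cm redis-conf
Name: redis-config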
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
redis.conf:
----
appendonly yes
cluster-enabled yes
cluster-config-file /var/lib/redis/nodes.conf
cluster-node-timeout 5000
dir /var/lib/redis
port 6379
Events: <none>
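Procedure:
# Create the ConfigMap
kubectl create configmap redis-conf --from-file=/root/redis.conf
4. Import the images
Use the provided redis.tar to import the required images, retag them and push them to the Harbor registry.
Submit all the commands used for these operations in the answer box. [0.5 points]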
[root@master ~]# docker load -i redis.tar
9f54eef41275: Loading layer 75.16MB/75.16MB
e9e9d8cf772b: Loading layer 3.584kB/3.584kB
8b504a175fb9: Loading layer 229.7MB/229.7MB
Loaded image: ubuntu:redis-trip
2edcec3590a4: Loading layer 83.86MB/83.86MB
9b24afeb7c2f: Loading layer 338.4kB/338.4kB
4b8e2801e0f9: Loading layer 4.274MB/4.274MB
529cdb636f61: Loading layer 27.8MB/27.8MB
9975392591f2: Loading layer 2.048kB/2.048kB
8e5669d83291: Loading layer 3.584kB/3.584kB
Loaded image: redis:latest
[root@master ~]# docker tag redis:latest 192.168.200.165/library/redis:latest
[root@master ~]# docker push 192.168.200.165/library/redis:latest
The push refers to repository [192.168.200.165/library/redis]
8e5669d83291: Pushed
9975392591f2: Pushed
529cdb636f61: Pushed
4b8e2801e0f9: Pushed
9b24afeb7c2f: Pushed
2edcec3590a4: Pushed
latest: digest: sha256:563888f63149e3959860264a1202ef9a644f44ed6c24d5c7392f9e2262bd3553 size: 1573
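Task 4: Redis cluster deployment (10 points)
1. Create the Redis cluster nodes with a StatefulSet
Write a redis.yml file that creates a StatefulSet resource with 6 pod replicas based on the redis image, and use pod affinity settings to spread the pods across different nodes as far as possible; then use volumeMounts to mount the PV and the redis-conf ConfigMap into each container. Create the Redis cluster nodes from this file, then list all Redis pods.
Submit the output of the kubectl get pods -o wide command in the answer box. [3 points]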
[root@master yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
redis-app-0 1/1 Running 0 9s 10.244.1.5 node2 <none> <none>
redis-app-1 1/1 Running 0 8s 10.244.2.10 node1 <none> <none>
redis-app-2 1/1 Running 0 6s 10.244.0.6 master <none> <none>
redis-app-3 1/1 Running 0 5s 10.244.1.6 node2 <none> <none>
redis-app-4 1/1 Running 0 4s 10.244.2.11 node1 <none> <none>
redis-app-5 1/1 Running 0 2s 10.244.1.7 node2 <none> <none>
redis.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis-app
spec:
  serviceName: "redis-service"
  replicas: 6
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
        appCluster: redis-cluster
    spec:
      terminationGracePeriodSeconds: 20
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - redis
              topologyKey: kubernetes.io/hostname
      containers:
      - name: redis
        image: 192.168.200.165/library/redis:latest
        command:
        - "redis-server"            # Redis start command
        args:
        - "/etc/redis/redis.conf"   # arguments passed to redis-server; each list item is one argument
        - "--protected-mode"        # allow access from other hosts
        - "no"
        # command: redis-server /etc/redis/redis.conf --protected-mode no
        resources:                  # resources
          requests:                 # requested resources
            cpu: "100m"             # m means one-thousandth; 100m is 0.1 CPU
            memory: "100Mi"         # 100Mi of memory
        ports:
        - name: redis
          containerPort: 6379
          protocol: "TCP"
        - name: cluster
          containerPort: 16379
          protocol: "TCP"
        volumeMounts:
        - name: "redis-conf"        # mount the file generated from the ConfigMap
          mountPath: "/etc/redis"   # path it is mounted at
        - name: "redis-data"        # mount path of the persistent volume
          mountPath: "/var/lib/redis"
      volumes:
      - name: "redis-conf"          # reference the ConfigMap volume
        configMap:
          name: "redis-conf"
          items:
          - key: "redis.conf"       # key name given when the ConfigMap was created
            path: "redis.conf"      # the file that followed the --from-file parameter
  volumeClaimTemplates:             # PVC declaration for the persistent volumes
  - metadata:
      name: redis-data
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 200M
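2. Initialize the Redis cluster
Use the redis-trib tool in ubuntu:redis-trib to initialize the Redis cluster; after initialization there are 3 master nodes and 3 slave nodes, with one slave for each master. After successful initialization, check the cluster status.
Connect to any Redis Pod and submit the output of the cluster nodes command in the answer box. [3 points]
3. Configure a Service for the Redis cluster
Write a service.yaml file that creates a Service providing access and load balancing for the Redis cluster: it proxies the Redis cluster and exposes port 6379 inside the K8S cluster. After creation, check the service status.
Submit the output of the kubectl get svc redis-access-service -o wide command in the answer box. [2 points]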
[root@master yaml]# kubectl get svc redis-access-service -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
redis-access-service ClusterIP 10.104.245.9 <none> 6379/TCP 2s app=redis,appCluster=redis-cluster
vi service.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-access-service
  labels:
    app: redis
spec:
  ports:
  - name: redis-port
    protocol: "TCP"
    port: 6379
    targetPort: 6379
  selector:
    app: redis
    appCluster: redis-cluster
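4. Cluster master/slave switchover
Pick any Redis master node, enter that pod and view the node's role in the cluster, then delete the pod manually and check the status; after it is recreated, enter the pod again and view the node's role and the cluster information. Check whether the master/slave switchover completed automatically.
Finally, enter the pod and submit the output of the role command in the answer box. [2 points]
Session C: Automated deployment and operation of enterprise applications
Device | Hostname | Interface | IP address | Role |
---|---|---|---|---|
Cloud server 1 | monitor | ens33 | 192.168.200.100 | prometheus, grafana, ansible |
Cloud server 2 | slave1 | ens33 | 192.168.200.101 | agent |
Cloud server 3 | slave2 | ens33 | 192.168.200.102 | agent |
Task 1: Automated deployment of enterprise applications (17 points)
1. Install the ansible automation tool
Install ansible on the monitor node using the provided packages, and after installation verify it with the ansible --version command. Add a test user on all nodes with the password 000000, give the test user passwordless sudo, and configure passwordless SSH login so that the monitor node can log in to the test user on all nodes without a password.
Submit the output of the ansible --version command in the answer box. [3 points]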
ansible --version
ansible 2.4.6.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Procedure:
monitor
# Install dependencies
yum install -y jinja2 PyYAML cryptography
rpm -ivh ansible-2.4.6.0-1.el7.ans.noarch.rpm
ansible --version
All nodes
useradd test
passwd test
# Set up passwordless sudo: add the following line below "root ALL=(ALL) ALL"
visudo
test ALL=(ALL) NOPASSWD:ALL
monitor
ssh-keygen
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
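2. Initialize the ansible automation tool [3 points]
Create the /root/ansible directory as the working directory and create an ansible.cfg file in it with the following configuration: the inventory file is /root/ansible/inventory, the login user is test, and no password is required at login. Set the number of parallel hosts to 2 and allow the test user to escalate to root without a password.
Paste the contents of the ansible.cfg file in the answer box.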
[defaults]
inventory=./inventory
forks=2
remote_user=test
ask_pass=false
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false
Procedure:
# Create the working directory
mkdir /root/ansible
# Edit the cfg file
vi ansible.cfg
[defaults]
inventory=./inventory
forks=2
remote_user=test
ask_pass=false
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false
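3. Write the host inventory
Write the inventory file: create a monitor group containing the monitor host, and a slave group containing the slave1 and slave2 hosts; host names must not be IP addresses.
Submit the output of the ansible all -m ping command in the answer box. [2 points]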
[root@monitor ansible]# ansible all -m ping
[WARNING]: Found both group and host with same name: master
slave2 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
slave1 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
monitor | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
Procedure:
# The mappings must be added to /etc/hosts
192.168.200.100 monitor
192.168.200.101 slave1
192.168.200.102 slave2
# Create inventory in the /root/ansible directory
vi inventory
[monitor]
monitor
[slave]
slave1
slave2
4. Initialize the master node with the automation tool [2 points]
Write prometheus.yml to control the monitor host group. Use the corresponding module to set both the runtime SELinux state and the boot-time state to disabled. Use the corresponding ansible module to install the time synchronization service, use a text-editing module to set the service's allowed scope to 0.0.0.0/0, and set the service to started and enabled at boot. First use the file copy module to copy the provided prometheus-2.37.0.linux-amd64.tar.gz to /usr/local/ on the target host, then use the shell module to extract the archive.
Submit the contents of the prometheus.yml file in the answer box. [4 points]
- hosts: monitor
  remote_user: root
  tasks:
  - name: SELINUX=disabled
    selinux: state=disabled
  - name: stop firewalld
    shell: 'sudo systemctl stop firewalld && sudo systemctl disable firewalld'
  - name: install chrony
    yum: name=chrony state=present
  - name: allow 0.0.0.0/0
    blockinfile: path=/etc/chrony.conf block="allow 0.0.0.0/0"
  - name: start chrony
    service: name=chronyd state=started enabled=yes
  - name: copy promethus
    copy: src=/root/prometheus-2.37.0.linux-amd64.tar.gz dest=/usr/local/
  - name: tar prometheus
    shell: 'sudo tar -zxvf /usr/local/prometheus-2.37.0.linux-amd64.tar.gz -C /usr/local'
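Procedure:
Upload Prometheus to the /root directory and create prometheus.yml in the working directory
5. Deploy the enterprise application with the automation tool
Write the prometheus.yml.j2 template file and add the information for all slave nodes to it; the managed nodes' host information must use variables, while IP addresses may be entered by hand. Then create node_exporter.yml. Write the first play, name it slave and have it control the slave host group: use an ansible module to send node_exporter-1.3.1.linux-amd64.tar.gz to /usr/local/ on the slave host group, use a shell module to extract the archive, and start the service. Then write the second play, name it monitor and have it control the monitor node: first use an ansible module to transfer the prometheus.yml.j2 file to the monitor node, then use the script module to start prometheus. Use the corresponding module to send the grafana-8.1.2-1.x86_64.rpm package to /mnt/ on the managed node, install the package with the corresponding module, and after installation start the grafana service and enable it at boot. Log in to prometheus in a browser and check that it is monitoring all slave nodes.
Submit the contents of the node_exporter.yml file in the answer box. [5 points]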
---
- hosts: slave
  name: slave
  tasks:
  - name: copy node_expose
    copy: src=/root/node_exporter-1.3.1.linux-amd64.tar.gz dest=/usr/local/
  - name: tar node_expose
    shell: 'sudo tar -zxvf /usr/local/node_exporter-1.3.1.linux-amd64.tar.gz -C /usr/local/'
  - name: start node_export
    shell: 'sudo nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &'
- hosts: monitor
  name: monitor
  vars:
    node1: 192.168.200.101
    node2: 192.168.200.102
  tasks:
  - name: template j2
    template: src=./prometheus.yml.j2 dest=/usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
  - name: start prometheus
    script: /root/ansible/nohup.sh
  - name: copy grafana
    copy: src=/root/grafana-8.1.2-1.x86_64.rpm dest=/mnt/
  - name: install repaired
    shell: 'sudo yum install -y fontconfig urw-fonts '
  - name: install grafana
    shell: 'sudo rpm -ivh /mnt/grafana-8.1.2-1.x86_64.rpm'
  - name: enable gtafana
    service: name=grafana-server state=started enabled=yes
Procedure:
prometheus.yml.j2
# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: "prometheus"
    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.
    static_configs:
      - targets: ["localhost:9090"]
  - job_name: "node_exporter"
    static_configs:
      - targets: ["{{node1}}:9100","{{node2}}:9100"]
node_exporter.yml
---
- hosts: slave
  name: slave
  tasks:
  - name: copy node_expose
    copy: src=/root/node_exporter-1.3.1.linux-amd64.tar.gz dest=/usr/local/
  - name: tar node_expose
    shell: 'sudo tar -zxvf /usr/local/node_exporter-1.3.1.linux-amd64.tar.gz -C /usr/local/'
  - name: start node_export
    shell: 'sudo nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &'
- hosts: monitor
  name: monitor
  vars:
    node1: 192.168.200.101
    node2: 192.168.200.102
  tasks:
  - name: template j2
    template: src=./prometheus.yml.j2 dest=/usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
  - name: start prometheus
    script: /root/ansible/nohup.sh
  - name: copy grafana
    copy: src=/root/grafana-8.1.2-1.x86_64.rpm dest=/mnt/
  - name: install repaired
    shell: 'sudo yum install -y fontconfig urw-fonts '
  - name: install grafana
    shell: 'sudo rpm -ivh /mnt/grafana-8.1.2-1.x86_64.rpm'
  - name: enable gtafana
    service: name=grafana-server state=started enabled=yes
# Starting Prometheus has to go through the script module, so a separate script file is written and the monitoring system is started from it
nohup.sh
#!/bin/bash
cd /usr/local/prometheus-2.37.0.linux-amd64/
nohup ./prometheus &
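Task 2: Operation and maintenance of enterprise applications (12 points)
1. Monitor the mysqld service with prometheus
Send the provided mysqld_exporter-0.14.0.linux-amd64.tar.gz to /usr/local/ on the agent virtual machines and extract it, and install the mariadb service. In the mariadb database create the mysqld_monitor user and grant it privileges, then create a mariadb configuration file containing the database user name and password. Start the mysqld_exporter component and make sure port 9104 is listening. Back on the prometheus node, edit prometheus.yml and add the mysql monitoring targets. Restart prometheus, then refresh the web UI and check the monitored mysqld information.
Submit the output of the ps -ef | grep prometheus command in the answer box. [3 points]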
[root@monitor prometheus-2.37.0.1inuax-amd64]# ps -ef l grep prometheus
root 23115 23073 006:50 pts/5 00:00:00 ./prometheus
root 23125 23073 006:51 pts/5 00:00:00 grep --color=auto prometheus
Procedure:
vi mysqld_exporter.yml
---
- hosts: slave
  name: slave
  tasks:
  - name: copy mysqld_exporter
    copy: src=/root/mysqld_exporter-0.14.0.linux-amd64.tar.gz dest=/usr/local/
  - name: tar it
    shell: 'sudo tar -zxvf /usr/local/mysqld_exporter-0.14.0.linux-amd64.tar.gz -C /usr/local'
  - name: anzhuang mariadb
    shell: 'sudo yum install -y mariadb*'
  - name: start mysqld
    service: name=mariadb state=started enabled=yes
On the agent nodes
# Grant privileges
mysql
>grant select,replication client,process ON *.* to 'mysql_monitor'@'localhost' identified by '123';
>flush privileges;
> quit
# Create a mariadb client configuration file containing the user and password for the connection
vi /usr/local/mysqld_exporter-0.14.0.linux-amd64/.my.cnf
[client]
user=mysql_monitor
password=123
# Start mysqld_exporter
nohup /usr/local/mysqld_exporter-0.14.0.linux-amd64/mysqld_exporter --config.my-cnf=/usr/local/mysqld_exporter-0.14.0.linux-amd64/.my.cnf &
# Check that it is listening
netstat -nltp | grep 9104
Back on the master node
vi /usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
  - job_name: 'mysql'
    static_configs:
    - targets: ['192.168.200.101:9104','192.168.200.102:9104']
# Restart the service
pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
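2. Install the alertmanager alerting component
Upload the provided alertmanager-0.21.0.linux-amd64.tar.gz to /usr/local/ on the prometheus node and extract it, and create the symlink alertmanager-0.23.0.linux-amd64/alertmanager. Create a service unit file named alertmanager.service, then start alertmanager and check port 9093. Add the alertmanager information to the prometheus.yml configuration file and restart the prometheus service; stop the node_exporter service on the agent. In the web UI, check that the alert manager status is normal and that the agent status is abnormal.
Submit the content added to alertmanager.service in the answer box. [3 points]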
[Unit]
Description=alertmanager
[Service]
ExecStart=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager --config.file=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager.yml
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Procedure
tar -zxvf alertmanager-0.21.0.linux-amd64.tar.gz -C /usr/local/
ln -s alertmanager-0.23.0.linux-amd64/ alertmanager
# Create the service unit file
vi /usr/lib/systemd/system/alertmanager.service
[Unit]
Description=alertmanager
[Service]
ExecStart=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager --config.file=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager.yml
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start alertmanager
# Edit the Prometheus configuration file
  - job_name: 'altermanager'
    static_configs:
    - targets: ['localhost:9093']
pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
agent
pkill node_exporter
nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &
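3. Write the alertmanager alert e-mail configuration
On the Prometheus virtual machine there is an alertmanager.yml file in /usr/local/alertmanager/; using the provided address and template, fill in the e-mail address information that alerts are sent to.
Submit the modified content of the alertmanager.yml file in the answer box. [3 points]
smtp_auth_username: "[email protected]" # login user name
smtp_auth_password: "auth_pass" # this auth password is the mailbox's third-party login authorization code, not the account password; preferably test with a QQ mailbox
smtp_require_tls: false # some mail providers require this setting; a 163 mailbox is used here for testing only, so it is not enabled
route:
  receiver: ops
  group_wait: 30s # time to wait within a group; identical alerts arriving in the same group within 30 seconds are sent together
  group_interval: 5m # if the group's content does not change, the alerts are merged into one notification and sent after 5m
  repeat_interval: 24h # resend interval; if the alert is not fixed within this time, it is sent again
  group_by: [alertname] # alert grouping
  routes:
  - match:
      team: operations
    group_by: [env,dc]
    receiver: 'ops'
  - receiver: ops # routes and labels: match selects the destination; if the rule's labels contain alertname, send via ops
    group_wait: 10s
    match:
      team: operations
# receivers define the recipients and the delivery channel
receivers:
# definition of the ops group
- name: ops
  email_configs:
  - to: '[email protected],[email protected]' # to send to several people, list the addresses separated by ','
    send_resolved: true
    headers:
      from: "警报中心"
      subject: "[operations] 报警邮件"
      to: "小煜狼皇"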
4. Write the alertmanager alert rules
In the prometheus directory on the prometheus virtual machine there is a /rules directory containing a node_rules.yml file. Following the template and the information provided, write:
1. an alert rule for memory usage above 50%;
2. an alert rule for CPU utilization above 75%;
3. an alert rule for host disk reads above 50 MB per second; the department name is up to you.
Submit the three rules in the answer box. [3 points]
groups:
- name: node_health
  rules:
  - alert: HighMemoryUsage
    expr: 1-(node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) > 0.5
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High memory usage
  - alert: HighCPUUseage
    expr: 1-sum(increase(node_cpu_seconds_total{mode="idle"}[1m])) by (instance) / sum(increase(node_cpu_seconds_total[1m])) by (instance) > 0.75
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High CPU usage
  - alert: HighReadTime
    expr: sum(irate(node_disk_read_bytes_total[1m])) by (instance) > 50 * 1024 * 1024 # not sure whether this is right
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High Read Time
Procedure
Create a /rules directory under the prometheus path and create the yml file in it
After creating it, edit the prometheus.yml file
rule_files:
  - "./rules/node_rules.yml"
# Restart Prometheus
pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
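1. The public and private IPs in Table 4 are those shown for your own cloud hosts; they differ for each person. Use third-party software to connect to the cloud hosts remotely, using the public IP.
2. The cloud hosts in Huawei Cloud are already named; simply use the host with the corresponding name.
The company's existing cluster monitoring solution has always used Zabbix with a single server node, but in operation the server node frequently went down, and the company instructed the technical department to solve the problem. After a technical review, the department decided to adopt a zabbix+keepalived solution with a separated database and two server nodes. Complete the following operations according to the department's technical requirements.
Task 3: Enterprise operations (zabbix)
1. Install Zabbix 5.0 LTS
This Zabbix cluster uses 4 hosts: two servers, one DB host and one agent host. Set up Zabbix as required.
Paste screenshots of the home pages of the two server nodes in the answer box. [3 points]
2. keepalived high-availability configuration
Install and configure keepalived as required: the keepalived IP ends in 10, it is bound to the external network interface, the password is 000000, router_id is 100, the master node weight is 100 and the backup node weight is 80. Also modify the corresponding Zabbix monitoring configuration items so that all monitored items use this IP, giving a high-availability configuration.
After completing the operation, submit the home login page in the answer box. [4 points]
3. Write the state-switch script
Write a state-switch script (check_zabbix_server) in keepalived that monitors whether zabbix-server is working properly and can quickly switch to the backup node to provide service when the host fails.
Submit the output of cat /etc/keepalived/keepalived.conf in the answer box. [4 points]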
From: https://blog.csdn.net/m0_64903413/article/details/142142975