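Session A: OpenStack Platform Deployment and Operations

Business scenario:

An enterprise plans to use OpenStack to build an enterprise cloud platform for deploying enterprise applications that serve both external and internal users. The cloud platform provides IT resource pooling, elastic allocation, centralized management, performance optimization and unified security authentication. The system architecture is shown in the figure below:

The enterprise cloud platform is built on two cloud servers provided by the competition platform, configured as shown in the table below: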
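| Device | Hostname | Interface | IP address |
| --- | --- | --- | --- |
| Cloud server 1 | controller | eth0, eth1 | Private: 192.168.100.10/24; Private: 192.168.200.10/24 |
| Cloud server 2 | compute | eth0, eth1 | Private: 192.168.100.20/24; Private: 192.168.200.20/24 |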
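Notes:

1. Contestants check for themselves that the workstation PC hardware and network are working.
2. The competition runs in cluster mode. Each team is given a Huawei Cloud account and password and an exam system account and password. Contestants use these credentials to log in to Huawei Cloud and to the exam system respectively.
3. All software packages used in the exam are under /opt on the cloud host.
4. The public and private IPs in Table 1 are whatever your own cloud host shows; every contestant's public and private IPs are different. Use third-party software to connect to the cloud host remotely, over the public IP.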
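Task 1: Private cloud platform environment initialization (5 points)

1. Initialize the operating system

Set the control node's hostname to controller and the compute node's hostname to compute, edit the hosts file to map the IP addresses to the hostnames, and use a single command to stop firewalld and disable it at boot.

Submit the output of the cat /etc/hosts command to the answer box. [2 points]

```
cat /etc/hosts
192.168.100.10 controller
192.168.100.20 compute
```

Procedure:

controller node

```bash
hostnamectl set-hostname controller

# add the host mappings to /etc/hosts
vi /etc/hosts
192.168.100.10 controller
192.168.100.20 compute

# stop the firewall and disable it at boot
systemctl stop firewalld && systemctl disable firewalld

# SELinux policy
setenforce 0
vi /etc/selinux/config
SELINUX=permissive
```

compute node

```bash
hostnamectl set-hostname compute

# edit the host mappings
vi /etc/hosts
192.168.100.10 controller
192.168.100.20 compute

# stop the firewall and disable it at boot
systemctl stop firewalld && systemctl disable firewalld

# SELinux policy
setenforce 0
vi /etc/selinux/config
SELINUX=permissive
```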
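2. Mount the installation ISO images

Copy the provided CentOS-7-x86_64-DVD-1804.iso and bricsskills_cloud_iaas.iso images to the /root directory of the controller node, then use commands to create the /centos and /iaas directories under /opt, mount CentOS-7-x86_64-DVD-1804.iso on the /centos directory and mount bricsskills_cloud_iaas.iso on the /iaas directory.

Submit the output of the ls /opt/iaas/ command to the answer box. [1 point]

(The image was not copied over; the one from the provincial competition can be used instead.)

```
[root@controller ~]# ls /opt/iaas/
iaas-repo  images
```

Procedure:

controller node

```bash
mkdir /opt/centos
mkdir /opt/iaas

mount CentOS-7-x86_64-DVD-1804.iso /opt/centos/
mount chinaskills_cloud_iaas.iso /opt/iaas/
```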
3. Configure the yum repositories

Move the existing yum repo files on the controller and compute nodes to the /home directory. Create a local yum repository for the controller node, with the repo file named local.repo. Create an FTP repository for the compute node, with the repo file named ftp.repo; the FTP server is the controller node, and the FTP repository must not be configured with an IP address.

Submit the contents of ftp.repo to the answer box. [0.5 points]

```
[root@compute ~]# cat /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
```

Procedure:

controller node

```bash
mv /etc/yum.repos.d/* /home/

# contents of the new repo file
vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas/iaas-repo
gpgcheck=0
enabled=1
```

compute node

```bash
mv /etc/yum.repos.d/* /home/

# contents of the new repo file
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
```
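4. Set up the file-sharing server

Install the vsftp service on the controller node and enable it at boot, set the /opt directory as the shared directory, and restart the service for the change to take effect.

Submit the modified line of the vsftp configuration file to the answer box. [0.5 points]

```
[root@controller ~]# cat /etc/vsftpd/vsftpd.conf
anon_root=/opt/
```

controller node

```bash
yum install -y vsftpd

# add this line to the configuration file
vi /etc/vsftpd/vsftpd.conf
anon_root=/opt/

systemctl start vsftpd
systemctl enable vsftpd
```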
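5. System tuning: dirty-data writeback

Linux keeps dirty data in memory, and by default the system writes dirty data back to disk after 30 seconds. Modify the configuration file so that the writeback time is temporarily adjusted to 60 seconds.

Run the sysctl -p command and submit its output to the answer box. [1 point]

```
[root@controller ~]# sysctl -p
vm.dirty_expire_centisecs = 6000
```

Procedure:

```bash
# add this line to the configuration file
vi /etc/sysctl.conf
vm.dirty_expire_centisecs= 6000

sysctl -p
vm.dirty_expire_centisecs = 6000
```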
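Task 2: OpenStack installation (10 points)

Use the actual root password of your environment.

1. Modify the variable file

Install the iaas-xiandian package on both the control node and the compute node, and modify the basic variables in the configuration script (the script file is /etc/xiandian/openrc.sh). After the changes, use a command to make the variable file take effect, then run the echo $INTERFACE_IP command.

Submit the output of the echo $INTERFACE_IP command to the answer box. [0.5 points]

```
[root@controller ~]# echo $INTERFACE_IP
192.168.100.10
[root@compute ~]# echo $INTERFACE_IP
192.168.100.20
```

Procedure:

controller

```bash
yum install -y iaas-xiandian

vi /etc/xiandian/openrc.sh

scp /etc/xiandian/openrc.sh root@compute:/etc/xiandian/openrc.sh

source /etc/xiandian/openrc.sh
echo $INTERFACE_IP
192.168.100.10
```

compute

```bash
yum install -y iaas-xiandian
# change INTERFACE_IP in the configuration file to the compute node's IP
source /etc/xiandian/openrc.sh
echo $INTERFACE_IP
192.168.100.20
```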
2. Run the iaas-pre-host.sh script on the controller node and on the compute node

Submit the command used to run the sh file to the answer box. [1 point]

3. Set up the database components

Run the iaas-install-mysql.sh script; on the controller node it installs mariadb, memcached, rabbitmq and other services and completes the related configuration. After it finishes, edit the configuration file to change the memcached maximum number of connections to 2048.

Submit the output of the ps aux | grep memcached command to the answer box. [1 point]

```
[root@controller sysconfig]# ps aux | grep memcached
memcach+ 25218 0.0 0.1 443040 4212 ? Ssl 16:36 0:00 /usr/bin/memcached -p 11211 -u memcached -m
root 25232 0.0 0.0 112720 984 pts/1 S+ 16:36 0:00 grep --color=auto memcached
```

Procedure:

```bash
iaas-install-mysql.sh

cd /etc/sysconfig/

# set the connection limit in the memcached sysconfig file
vi memcached
MAXCONN="2048"

systemctl restart memcached

ps aux | grep memcached
memcach+ 25218 0.0 0.1 443040 4212 ? Ssl 16:36 0:00 /usr/bin/memcached -p 11211 -u memcached -m 64 -c 2048 -l 127.0.0.1,::1,controller
root 25232 0.0 0.0 112720 984 pts/1 S+ 16:36 0:00 grep --color=auto memcached
```
4. Set up the identity service

Run the iaas-install-keystone.sh script; on the controller node it installs the keystone service and completes the related configuration. When it finishes, use the openstack command to view the current user list.

Submit the openstack command for viewing the user list to the answer box. [1 point]

```
[root@controller sysconfig]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| c75f855190ab4f50b9b7175ea8a90b44 | admin |
| fb61c950d2874cafaff6e57f406e103b | demo  |
+----------------------------------+-------+
```

Procedure:

```bash
iaas-install-keystone.sh

source /etc/keystone/admin-openrc.sh

openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| c75f855190ab4f50b9b7175ea8a90b44 | admin |
| fb61c950d2874cafaff6e57f406e103b | demo  |
+----------------------------------+-------+
```
5. Set up the image service

Run the iaas-install-glance.sh script; on the controller node it installs the glance service and completes the related configuration. When it finishes, use the openstack command to upload cirros-0.3.4-x86_64-disk.img (under /root on the controller node) and name the image cirros.

Submit the image upload command and its output to the answer box. [1 point]

```
[root@controller sysconfig]# openstack image create cirros --disk-format qcow2 --container bare --file /root/cirros-0.3.4-x86_64-disk.img
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2022-10-08T08:56:01Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/70344b58-7c4f-43b0-b5de-15dd898d1293/file |
| id               | 70344b58-7c4f-43b0-b5de-15dd898d1293                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | e6dc2936211947c3b924187b48ffa8fb                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2022-10-08T08:56:01Z                                 |
| virtual_size     | None                                                 |
| visibility       | shared                                               |
+------------------+------------------------------------------------------+
```

Procedure:

```bash
iaas-install-glance.sh

openstack image create cirros --disk-format qcow2 --container bare --file /root/cirros-0.3.4-x86_64-disk.img
```
6. Set up the compute service

Run the iaas-install-nova-controller.sh script on the controller node and the iaas-install-nova-compute.sh script on the compute node; they install the nova service and complete the related configuration. Then use a command to list the nodes that can provide compute resources.

Submit the output of the nova service-list command to the answer box. [2 points]

```
[root@controller sysconfig]# nova service-list
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id                                   | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason | Forced down |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| c6a665b2-2cd7-44ca-9d75-32e7da6f4acf | nova-scheduler   | controller | internal | enabled | up    | 2022-10-08T09:07:15.000000 | -               | False       |
| ce9d4037-9d16-4f16-8bbd-7015ddc74345 | nova-consoleauth | controller | internal | enabled | up    | 2022-10-08T09:07:15.000000 | -               | False       |
| 8697a2e3-e5da-4f53-bc0d-e56f338027a5 | nova-conductor   | controller | internal | enabled | up    | 2022-10-08T09:07:16.000000 | -               | False       |
| fc6eb5ca-c245-47f6-b9d9-24426f269e3f | nova-compute     | compute    | nova     | enabled | up    | 2022-10-08T09:07:19.000000 | -               | False       |
| 1bd34d8c-ff2a-4c64-b426-a41dacf04bc2 | nova-compute     | controller | nova     | enabled | up    | 2022-10-08T09:07:22.000000 | -               | False       |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
```

Procedure:

controller

```bash
iaas-install-nova-controller.sh
# edit the configuration file
vi /etc/xiandian/openrc.sh
iaas-install-nova-compute.sh
# change the configuration file back afterwards
```

compute

```bash
iaas-install-nova-compute.sh
```
controller:
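7. Set up the network components and initialize the network

Run the iaas-install-neutron-controller.sh script on the controller node and the iaas-install-neutron-compute.sh script on the compute node; they install the neutron service and complete its configuration. Create the external instance network ext-net with subnet ext-subnet, where the floating IP range available to instances is 192.168.10.100~192.168.10.200 and the gateway is 192.168.10.1. Create the internal instance network int-net1 with subnet int-subnet1, where the subnet IP range available to instances is 10.0.0.100~10.0.0.200 and the gateway is 10.0.0.1. Create the internal instance network int-net2 with subnet int-subnet2, where the subnet IP range available to instances is 10.0.1.100~10.0.1.200 and the gateway is 10.0.1.1. Add a router named ext-router, set its gateway on the ext-net network and add an internal port on the int-net1 network, so that the internal network int-net1 is connected to the external network.

Complete the tasks above with openstack commands, then submit the commands and their output to the answer box. [3 points]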
```
openstack network create ext-net --provider-physical-network provider --external --enable-port-security --enable --provider-network-type flat
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-10-09T02:59:57Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 01fb1dc8-66f3-4045-84dc-cdc0cb69bede |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | ext-net                              |
| port_security_enabled     | True                                 |
| project_id                | e6dc2936211947c3b924187b48ffa8fb     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 5                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-10-09T02:59:57Z                 |
+---------------------------+--------------------------------------+

openstack subnet create ext-subnet --network ext-net --dhcp --gateway 192.168.10.1 --subnet-range 192.168.10.0/24 --allocation-pool start=192.168.10.100,end=192.168.10.200
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.10.100-192.168.10.200        |
| cidr              | 192.168.10.0/24                      |
| created_at        | 2022-10-09T03:01:56Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.10.1                         |
| host_routes       |                                      |
| id                | 4b633ced-be54-4af4-a536-8f94f0c694bf |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | ext-subnet                           |
| network_id        | 01fb1dc8-66f3-4045-84dc-cdc0cb69bede |
| project_id        | e6dc2936211947c3b924187b48ffa8fb     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2022-10-09T03:01:56Z                 |
+-------------------+--------------------------------------+

openstack network create --internal int-net1
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-10-09T03:02:27Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 43b5b4a9-1846-4489-8521-acdf2f96453e |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1450                                 |
| name                      | int-net1                             |
| port_security_enabled     | True                                 |
| project_id                | e6dc2936211947c3b924187b48ffa8fb     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 161                                  |
| qos_policy_id             | None                                 |
| revision_number           | 2                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-10-09T03:02:27Z                 |
+---------------------------+--------------------------------------+

[root@controller ~]# openstack network create --internal int-net2
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2022-10-09T03:02:31Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | ea39aff1-bd51-443b-83e9-c573812a1dd7 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1450                                 |
| name                      | int-net2                             |
| port_security_enabled     | True                                 |
| project_id                | e6dc2936211947c3b924187b48ffa8fb     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 195                                  |
| qos_policy_id             | None                                 |
| revision_number           | 2                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2022-10-09T03:02:31Z                 |
+---------------------------+--------------------------------------+

[root@controller ~]# openstack subnet create int-subnet1 --network int-net1 --dhcp --gateway 10.0.0.1 --subnet-range 10.0.0.0/24 --allocation-pool start=10.0.0.100,end=10.0.0.200
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 10.0.0.100-10.0.0.200                |
| cidr              | 10.0.0.0/24                          |
| created_at        | 2022-10-09T03:05:35Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 10.0.0.1                             |
| host_routes       |                                      |
| id                | d56b1e12-c37a-4ba1-9323-249b0e74e8b3 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | int-subnet1                          |
| network_id        | 43b5b4a9-1846-4489-8521-acdf2f96453e |
| project_id        | e6dc2936211947c3b924187b48ffa8fb     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2022-10-09T03:05:35Z                 |
+-------------------+--------------------------------------+

[root@controller ~]# openstack subnet create int-subnet2 --network int-net2 --dhcp --gateway 10.0.1.1 --subnet-range 10.0.1.0/24 --allocation-pool start=10.0.1.100,end=10.0.1.200
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 10.0.1.100-10.0.1.200                |
| cidr              | 10.0.1.0/24                          |
| created_at        | 2022-10-09T03:06:02Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 10.0.1.1                             |
| host_routes       |                                      |
| id                | 3c8fbeb8-c4ec-41d4-b2d2-eac146b82eac |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | int-subnet2                          |
| network_id        | ea39aff1-bd51-443b-83e9-c573812a1dd7 |
| project_id        | e6dc2936211947c3b924187b48ffa8fb     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2022-10-09T03:06:02Z                 |
+-------------------+--------------------------------------+

[root@controller ~]# openstack router create ext-router --enable
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2022-10-09T03:07:38Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   | None                                 |
| flavor_id               | None                                 |
| ha                      | False                                |
| id                      | b6ec9db2-2a00-438f-bd07-fa433647d0d4 |
| name                    | ext-router                           |
| project_id              | e6dc2936211947c3b924187b48ffa8fb     |
| revision_number         | 1                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tags                    |                                      |
| updated_at              | 2022-10-09T03:07:38Z                 |
+-------------------------+--------------------------------------+

[root@controller ~]# openstack router set ext-router --external-gateway ext-net --enable-snat
[root@controller ~]# openstack router add subnet ext-router int-subnet1
```
Task 3: OpenStack operations

1. Use the OpenStack graphical interface to create an image named nginx, using nginx-centos.qcow2 as the source.

Submit a screenshot of the image to the answer box. [1 point]

Steps:

Log in to OpenStack and create an image with nginx-centos.qcow2 as the source image and nginx as the name; the image is then created.

2. Use commands to create a security group named group_web whose description is your workstation number, add rules to this security group that allow any IP address to access the web, and write the command that adds access to SSH (22).

Submit the command that adds access to SSH (22) to the answer box. [1 point]

```
[root@controller ~]# openstack security group rule create group_web --ingress --dst-port 22:22 --remote-ip 0.0.0.0/24
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2022-10-09T03:48:08Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 03c7ce48-4ada-4f9d-bd0c-c80454d57f94 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | e6dc2936211947c3b924187b48ffa8fb     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/24                           |
| revision_number   | 0                                    |
| security_group_id | 9c74fd04-d37a-4501-9632-05d82388ac59 |
| updated_at        | 2022-10-09T03:48:08Z                 |
+-------------------+--------------------------------------+
```

Procedure:

```bash
openstack security group create group_web --project demo --description 31

openstack security group rule create group_web --ingress --dst-port 80:80 --remote-ip 0.0.0.0/24 --protocol tcp

openstack security group rule create group_web --ingress --dst-port 443:443 --remote-ip 0.0.0.0/24 --protocol tcp

openstack security group rule create group_web --ingress --dst-port 22:22 --remote-ip 0.0.0.0/24
```
3. Create a flavor named nginx with 1 VCPU, 1024 MB of memory and a 10 GB root disk.

Submit the openstack command to the answer box. [1 point]

```
[root@controller ~]# nova flavor-create nginx 1 1024 10 1
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| ID | Name  | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | Description |
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| 1  | nginx | 1024      | 10   | 0         |      | 1     | 1.0         | True      | -           |
+----+-------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
```
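5. Modify the relevant configuration to disable memory sharing on the nginx instance's system, enable transparent huge pages and, to keep the nginx instance secure, configure it so that other nodes cannot ping it.

Submit the output of the sysctl -p command to the answer box. [1 point]

Procedure:

```bash
# add these lines to the configuration file
vi /etc/sysctl.conf
kernel.shmmax = 0
kernel.shmall = 0
kernel.shmmni = 0
net.ipv4.icmp_echo_ignore_all = 1
```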
6. Using the ceilometer component, query the CPU usage of the nginx instance from the command line.

Submit the output of the gnocchi metric list command to the answer box. [1 point]

```
ceilometer meter-list
+---------------------------------------------+------------+-----------+-----------------------------------------------------------------------+----------------------------------+----------------------------------+
| Name                                        | Type       | Unit      | Resource ID                                                           | User ID                          | Project ID                       |
+---------------------------------------------+------------+-----------+-----------------------------------------------------------------------+----------------------------------+----------------------------------+
| cpu                                         | cumulative | ns        | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| cpu_util                                    | gauge      | %         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.allocation                             | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.capacity                               | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.allocation                      | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.capacity                        | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.read.bytes                      | cumulative | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.read.bytes.rate                 | gauge      | B/s       | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.usage                           | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.write.bytes                     | cumulative | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.device.write.bytes.rate                | gauge      | B/s       | 823bf8b4-96b4-4614-ab0e-49fba80bd13d-vda                              | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.bytes                             | cumulative | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.bytes.rate                        | gauge      | B/s       | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.requests                          | cumulative | request   | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.read.requests.rate                     | gauge      | request/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.total.size                             | gauge      | GB        | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.usage                                  | gauge      | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.bytes                            | cumulative | B         | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.bytes.rate                       | gauge      | B/s       | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.requests                         | cumulative | request   | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| disk.write.requests.rate                    | gauge      | request/s | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| instance                                    | gauge      | instance  | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| memory                                      | gauge      | MB        | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| memory.usage                                | gauge      | MB        | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.bytes                      | cumulative | B         | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.bytes.rate                 | gauge      | B/s       | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets                    | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.drop               | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.error              | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.incoming.packets.rate               | gauge      | packet/s  | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.bytes                      | cumulative | B         | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.bytes.rate                 | gauge      | B/s       | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets                    | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.drop               | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.error              | cumulative | packet    | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| network.outgoing.packets.rate               | gauge      | packet/s  | instance-00000067-823bf8b4-96b4-4614-ab0e-49fba80bd13d-ovkb478c1ea-ce | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| poweron                                     | gauge      | N/A       | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
| vcpus                                       | gauge      | vcpu      | 823bf8b4-96b4-4614-ab0e-49fba80bd13d                                  | 6e2f1fdf1e3c4cae95ce8bb09ec99431 | d448a43772e5434592baf9217e9a1b82 |
```

Procedure:

```bash
# install the ceilometer components on each node
# controller:
iaas-install-ceilometer-controller.sh
# compute:
iaas-install-ceilometer-compute.sh
```
7. Use the command line to create a snapshot of the nginx instance named nginx_snap, and use qemu commands to query the detailed properties of the snapshot disk.

Submit the output of the qemu-img info nginx_snap.qcow2 command to the answer box. [2 points]

```
[root@controller images]# qemu-img info 5eae1a37-7ae9-4c4a-98c5-f477183eb818
image: 5eae1a37-7ae9-4c4a-98c5-f477183eb818
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 1.7G
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
```

Procedure:

```bash
nova list

nova image-create b8095ceb-005c-4ca8-88be-dbdd7bec39ac "nginx_snap"

cd /var/lib/glance/images

qemu-img info 5eae1a37-7ae9-4c4a-98c5-f477183eb818
```
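8. Run the iaas-install-cinder-controller.sh and iaas-install-cinder-compute.sh scripts to install the cinder service on the controller and compute nodes and complete its configuration. Create a volume type named lvm and create the extra-spec key-value pair for this type, so that the lvm volume type corresponds to the storage resources managed by the cinder lvm backend driver. Create a volume named lvm_test that carries this volume type, and query the detailed information of the volume.

Submit the output of the cinder show lvm_test command to the answer box. [2 points]

9. Attach the volume to the nginx instance and format it as xfs. Mount it permanently on the /opt directory and create a file whose name is the workstation number and whose content is the workstation number.

Submit the output of cat /etc/fstab to the answer box. [1 point]

Procedure:

```bash
openstack server add volume nginx test_lvm

mkfs.xfs /dev/vdb

# add this line to /etc/fstab
vi /etc/fstab
/dev/vdb /opt xfs defaults 0 0
```

10. Write a server_volume.yaml file and use the heat component to automate the deployment: launch 1 instance with hostname my_server_1, image nginx, flavor nginx and network int-net1, create a 1 GB volume and attach it to my_server_1.

Submit the contents of the server_volume.yaml file to the answer box. [3 points]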
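Session B: Container Orchestration and Operations

| Device | Hostname | Interface | IP address |
| --- | --- | --- | --- |
| Virtual machine 1 | master | ens33 | 192.168.200.162 |
| Virtual machine 2 | node1 | ens33 | 192.168.200.163 |
| Virtual machine 3 | node2 | ens33 | 192.168.200.164 |
| Virtual machine 4 | node3 | ens33 | 192.168.200.165 |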
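Task 1: Container cloud platform environment initialization (5 points)

1. Initialize the container cloud platform

Following the IP address plan in Table 2, create the cloud servers using the CentOS_7.5_x86_64_XD.qcow image and make sure the network communicates normally. Set the node hostnames according to Table 1 and turn off swap, permanently disable SELinux and the firewall, and edit the hosts mappings.

Submit the contents of the master node's hosts file to the answer box. [1 point]

```
vi /etc/hosts
192.168.200.162 master
192.168.200.163 node1
192.168.200.164 node2
192.168.200.165 harbor
```

Procedure:

master

On the other nodes only the hostname changes; the other commands are the same.

```bash
hostnamectl set-hostname master
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
swapoff -a
systemctl stop firewalld
systemctl disable firewalld
vi /etc/hosts
192.168.200.162 master
192.168.200.163 node1
192.168.200.164 node2
192.168.200.165 harbor
```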
2. Persistent mounting of the yum source data

Move the provided CentOS-7-x86_64-DVD-1804.iso and bricsskills_cloud_paas.iso images to the /root directory of the master node, then use commands to create the /centos and /paas directories under /opt, permanently mount CentOS-7-x86_64-DVD-1804.iso on the /centos directory and permanently mount bricsskills_cloud_paas.iso on the /paas directory.

Submit the output of cat /etc/fstab to the answer box. [1 point]

If bricsskills_cloud_paas.iso is not available, the chinaskil one can be used instead.

```
cat /etc/fstab
/root/CentOS-7-x86_64-DVD-1804.iso /opt/centos iso9660 defaults 0 0
/root/chinaskills_cloud_paas.iso /opt/paas iso9660 defaults 0 0
```

Procedure:

```bash
mkdir /opt/centos
mkdir /opt/paas

mount CentOS-7-x86_64-DVD-1804.iso /opt/centos
mount chinaskills_cloud_paas.iso /opt/paas

# add these lines to /etc/fstab
vi /etc/fstab
/root/CentOS-7-x86_64-DVD-1804.iso /opt/centos iso9660 defaults 0 0
/root/chinaskills_cloud_paas.iso /opt/paas iso9660 defaults 0 0

mount -a
```
3. Write the yum repositories

Set up a local yum repository for the master node with the repo file named local.repo, install the FTP service and set the FTP root to /opt/. Configure an FTP repository for the node1 and node2 nodes with the repo file named ftp.repo; the FTP server is the master node, and the FTP repository must not be configured with an IP address.

Submit the contents of the ftp.repo file to the answer box. [1 point]

```
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
```

Procedure:

master

```bash
mv /etc/yum.repos.d/* /etc/yum

# contents of the new repo file
vi /etc/yum.repos.d/centos.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=file:///opt/paas/kubernetes-repo
gpgcheck=0
enabled=1

yum install -y vsftpd
# add this line to the vsftpd configuration file
vi /etc/vsftpd/vsftpd.conf
anon_root=/opt/

systemctl start vsftpd
systemctl enable vsftpd

iptables -F
iptables -X
iptables -Z
/usr/sbin/iptables-save
```

Other nodes

```bash
mv /etc/yum.repos.d/* /etc/yum

# contents of the new repo file
vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1

iptables -F
iptables -X
iptables -Z
/usr/sbin/iptables-save
```
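An added example, not part of the original write-up: the ftp.repo files in session A task 1.3 and in this task both fetch packages over unauthenticated FTP with gpgcheck=0, so nothing verifies what yum installs on the nodes. The function below (audit_repo is a hypothetical helper name) reports every repo section that combines a network baseurl with a gpgcheck value other than 1; the sample files are constructed from the values on this page, and signed.repo assumes the standard CentOS 7 key path.

```bash
#!/bin/sh
# Added example: flag yum repo sections that download packages over the
# network without GPG signature verification.

# audit_repo FILE
# Prints one line per risky section: "<section> <baseurl> gpgcheck=<value>".
# Risky means: baseurl is not file:// and gpgcheck is not explicitly 1.
# Assumes one baseurl per section, as in the files on this page.
audit_repo() {
    awk '
        function report() {
            if (section != "" && url != "" && url !~ /^file:/ && gpg != "1")
                printf "%s %s gpgcheck=%s\n", section, url, (gpg == "" ? "unset" : gpg)
        }
        /^[ \t]*$/    { next }            # blank line
        /^[ \t]*[#;]/ { next }            # comment
        /^[ \t]*\[.*\][ \t]*$/ {          # start of a new [section]
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            url = ""; gpg = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "baseurl")  url = val
            if (key == "gpgcheck") gpg = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample files (values taken from this page).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/ftp.repo" <<'EOF'
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
EOF

cat > "$SAMPLES/local.repo" <<'EOF'
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
EOF

# Same FTP source, but packages must carry a valid signature (assumed key path).
cat > "$SAMPLES/signed.repo" <<'EOF'
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF

for f in "$SAMPLES"/*.repo; do
    echo "== ${f##*/}"
    audit_repo "$f"
done
```

On a real node the same function can be pointed at each file under /etc/yum.repos.d/.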
4. Set up the time synchronization server

Deploy a chrony server on the master node and allow the other nodes to synchronize time from it; start the service and enable it at boot. On the other nodes, specify the master node as the upstream NTP server, restart the service and enable it at boot.

On the master node, submit the output of the cat /etc/chrony.conf | grep server command to the answer box. [1 point]

```
[root@master ~]# cat /etc/chrony.conf | grep server
server master iburst
```

Procedure:

master

```bash
# contents of the configuration file
vi /etc/chrony.conf
server master iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
allow 10.0.0.0/24
local stratum 10

systemctl restart chronyd
systemctl enable chronyd
```

Other nodes

```bash
# contents of the configuration file
vi /etc/chrony.conf
server master iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony

systemctl restart chronyd
systemctl enable chronyd
```
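An added example, not part of the original write-up: a CIDR membership check applied to two prefixes used on this page, the --remote-ip 0.0.0.0/24 of the security group rules in session A task 3.2 and the allow 10.0.0.0/24 line in the chrony configuration above. It shows which source addresses each prefix actually admits; ip_to_int, ip_in_cidr and verdict are hypothetical helper names, and 203.0.113.7 is a constructed client address.

```bash
#!/bin/sh
# Added example: which source addresses does an IPv4 CIDR prefix admit?

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer, fails on bad input
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;   # empty, non-numeric, leading zero
        esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP PREFIX/LEN -> exit 0 if IP is inside, 1 if outside, 2 on bad input
ip_in_cidr() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    len=${2#*/}
    case $len in ''|*[!0-9]*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    if [ "$len" -eq 0 ]; then
        mask=0                                   # /0 matches every IPv4 address
    else
        mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# verdict IP PREFIX/LEN -> prints allow, deny or invalid
verdict() {
    if ip_in_cidr "$1" "$2"; then
        echo allow
    else
        case $? in
            1) echo deny ;;
            *) echo invalid ;;
        esac
    fi
}

# Constructed checks. 203.0.113.7 stands in for an arbitrary external client;
# 192.168.200.163 is node1 from the address plan on this page.
for pair in \
    "203.0.113.7 0.0.0.0/24" \
    "203.0.113.7 0.0.0.0/0" \
    "0.0.0.200 0.0.0.0/24" \
    "192.168.200.163 10.0.0.0/24" \
    "192.168.200.163 192.168.200.0/24"
do
    set -- $pair
    printf '%-16s vs %-18s -> %s\n' "$1" "$2" "$(verdict "$1" "$2")"
done
```

The prefix 0.0.0.0/24 covers only 0.0.0.0 through 0.0.0.255, while 0.0.0.0/0 is the prefix that matches any IPv4 source; likewise 10.0.0.0/24 does not contain the 192.168.200.x node addresses.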
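5. Set up passwordless login

Set up passwordless login for the four servers so that they can log in to each other without a password.

Submit the commands for passwordless login to the answer box. [1 point]

```bash
ssh-keygen
ssh-copy-id root@192.168.200.163
ssh-copy-id root@192.168.200.164
ssh-copy-id root@192.168.200.165
```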
Task 2: Kubernetes installation (10 points)

1. Install Docker

Install docker-ce on all nodes. After installation, change the Docker cgroup driver to systemd and configure the Alibaba Cloud registry mirror address; once configured, restart the Docker service.

Submit the output of the docker version command to the answer box. [1 point]

```
[root@master ~]# docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:03:45 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:02:21 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
```

Procedure:

```bash
yum install -y yum-utils lvm2 device-mapper-*
yum install -y docker-ce

systemctl start docker
systemctl enable docker

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl restart docker
```
2. Install docker-compose
On the Harbor node, install docker-compose using the file under /opt/paas/docker-compose/v1.25.5-docker-compose-Linux-x86_6. After installation, run the docker-compose version command.
Submit the output of the docker-compose version command to the answer box. [0.5 points]
```
[root@harbor ~]# docker-compose version
docker-compose version 1.25.5, build 8a1c60f6
docker-py version: 4.1.0
CPython version: 3.7.5
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
```
Procedure:
```bash
cp -rfv /opt/docker-compose/v1.25.5-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
```
3. Set up the Harbor registry
On the Harbor node, use the offline installer package /opt/paas/harbor/harbor-offline-installer-v2.1.0.tgz to install the Harbor registry, and change the default Docker registry on every node to the Harbor registry address.
Submit the contents of daemon.json on the master node to the answer box. [2 points]
```
cat /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.200.165:5000"],
  "registry-mirrors": ["https://5twf62k1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```
Procedure:
harbor:
```bash
mkdir /cert/ -p
cd /cert/
# Generate the self-signed CA certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
# At the prompt:
# Common Name (eg, your name or your server's hostname) []:192.168.200.165

# 2. Generate the certificate signing request
openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.200.165.key -out 192.168.200.165.csr
# Press Enter through the prompts; when Common Name appears, enter the IP or domain name
# Common Name (eg, your name or your server's hostname) []:192.168.200.165

# Sign the server certificate with an IP subjectAltName
echo subjectAltName = IP:192.168.200.165 > extfile.cnf
openssl x509 -req -days 365 -in 192.168.200.165.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.200.165.crt

tar -zxvf harbor-offline-installer-v2.0.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
# Edit harbor.yml (the hostname / ssl_cert / ssl_cert_key settings, written with harbor.yml's YAML keys):
#   hostname: 192.168.200.165
#   https:
#     certificate: /cert/192.168.200.165.crt
#     private_key: /cert/192.168.200.165.key

./prepare
./install.sh

# Make Docker trust the CA for this registry (ca.crt was created in /cert)
mkdir -p /etc/docker/certs.d/192.168.200.165
cp /cert/ca.crt /etc/docker/certs.d/192.168.200.165/ca.crt
systemctl restart docker
```
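The certificate steps above, as an added example that is not part of the original write-up: the same CA and server certificate produced non-interactively with -subj, then checked the way a Docker client will check them, for a valid chain to ca.crt and an IP subjectAltName. The function names, the temporary directory, the CA subject and the 2048-bit demo keys are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: build the registry CA and server certificate without prompts,
# then verify the two properties the Docker client depends on.

make_registry_cert() {
    # $1 = output directory, $2 = registry IP address
    local dir="$1" ip="$2"
    mkdir -p "$dir" || return 1
    # Self-signed CA. 2048-bit keys keep the demo fast; the page uses rsa:4096.
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=demo-registry-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and signing request; -subj replaces the Common Name prompt.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$ip" \
        -keyout "$dir/$ip.key" -out "$dir/$ip.csr" 2>/dev/null || return 1
    # Go-based clients such as Docker match an IP address against the
    # subjectAltName only, never against the Common Name.
    echo "subjectAltName = IP:$ip" > "$dir/extfile.cnf"
    openssl x509 -req -days 365 -in "$dir/$ip.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/extfile.cnf" -out "$dir/$ip.crt" 2>/dev/null || return 1
    # Private keys should be readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/$ip.key"
}

check_registry_cert() {
    # $1 = CA certificate, $2 = server certificate, $3 = IP the clients will dial
    local ca="$1" cert="$2" ip="$3"
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkip "$ip" |
            grep -q "does match certificate"; then
        echo "FAIL: no IP subjectAltName for $ip"
        return 1
    fi
    echo "OK"
}

# Demo run in a throwaway directory (constructed values).
demo_dir=$(mktemp -d)
make_registry_cert "$demo_dir" 192.168.200.165 &&
    check_registry_cert "$demo_dir/ca.crt" "$demo_dir/192.168.200.165.crt" 192.168.200.165
rm -rf "$demo_dir"
```

On the Harbor node the same check can be pointed at /cert/ca.crt and /cert/192.168.200.165.crt before ca.crt is copied into /etc/docker/certs.d.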
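4. Upload the Docker images
On the master node, use a command to load all images under the /opt/paas/images directory into the local image store. Then use /opt/paas/k8s_image_push.sh to push all images to the Docker registry; when asked for an address, enter the IP address.
Submit the output of running k8s_image_push.sh to the answer box.
Procedure:
```bash
# Import the images
for i in $(ls /opt/paas/images|grep tar)
do
  docker load -i /opt/paas/images/$i
done

cd /opt/paas/
./k8s_image_push.sh
```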
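5. Install the kubeadm tools
Install the kubeadm tools on the master and on all node nodes and enable them at boot. After installation, use the rpm command together with grep to check that the kubeadm tools are installed correctly.
Submit the output of the kubectl get nodes command to the answer box. [0.5 points]
```
rpm -qa | grep ku
kubeadm-1.18.1-0.x86_64
kubectl-1.18.1-0.x86_64
kubelet-1.18.1-0.x86_64
```
Procedure:
```bash
yum -y install kubeadm-1.18.1 kubectl-1.18.1 kubelet-1.18.1

systemctl enable kubelet && systemctl start kubelet
```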
6. Install the master with kubeadm
Use the kubeadm command to generate a yaml file and edit it so that the Kubernetes internal virtual network segment is 10.244.0.0/16. Initialize the master node from this yaml file, then use kube-flannel.yaml to finish the control node initialization. When done, use commands to view the cluster status and all pods.
Submit the output of the kubectl get nodes command to the answer box. [2 points]
```
[root@localhost ~]# kubectl get nodes
NAME     STATUS     ROLES    AGE   VERSION
master   NotReady   master   13s   v1.18.1
```
Procedure:
```bash
cat >> /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system   # apply the settings

kubeadm config print init-defaults > kubeadm-config.yaml
# Edit kubeadm-config.yaml:
#   advertiseAddress: 192.168.200.162
#   podSubnet: "10.244.0.0/16"
#   imageRepository: registry.aliyuncs.com/google_containers   (the --image-repository setting)

kubeadm init --config kubeadm-config.yaml
```
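7. Remove the taint
Use a command to remove the taint from the master node so that Pods can also be scheduled onto the master node. After it succeeds, use grep to view the taints of the master node.
Submit the command that removes the master node's taint to the answer box. [1 point]
```bash
kubectl taint nodes master node-role.kubernetes.io/master-
```
Procedure:
```
kubectl taint nodes master node-role.kubernetes.io/master-

kubectl describe nodes master |grep Taints
Taints:             node.kubernetes.io/not-ready:NoExecute
```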
8. Install the Kubernetes network plugin
Use kube-flannel.yaml to install the Kubernetes network plugin. After installation, use a command to view the node status.
Submit the output of the kubectl get nodes command to the answer box. [0.5 points]
```
[root@localhost paas]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   12m   v1.18.1
```
Procedure:
master
```
kubectl apply -f /opt/paas/yaml/flannel/kube-flannel.yaml

[root@localhost paas]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   12m   v1.18.1
```
9. Install the Kubernetes graphical interface
Use recommended.yaml and dashboard-adminuser.yaml to install the Kubernetes dashboard, then view its home page.
Submit the output of the kubectl get pod,svc -n kubernetes-dashboard command to the answer box. [1 point]
```
[root@master ~]# kubectl get pod,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-6b4884c9d5-9g89j   1/1     Running   0          22d
pod/kubernetes-dashboard-5585794759-7h42g        1/1     Running   0          22d

NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.102.214.55   <none>        8000/TCP        22d
service/kubernetes-dashboard        NodePort    10.99.171.141   <none>        443:30000/TCP   22d
```
Procedure:
```bash
mkdir dashboard-certs
cd dashboard-certs/
kubectl create namespace kubernetes-dashboard
openssl genrsa -out dashboard.key 2048
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

# $IP must hold the registry address, so that the images are pulled from <registry>/library
sed -i "s/kubernetesui/$IP\/library/g" /opt/yaml/dashboard/recommended.yaml
kubectl apply -f /opt/yaml/dashboard/recommended.yaml
kubectl apply -f /opt/yaml/dashboard/dashboard-adminuser.yaml
```
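10. Add compute nodes
On all node nodes, use the kubeadm config command to generate a yaml file, and join the node to the Kubernetes cluster through that yaml file. When done, view the status of all nodes on the master node.
Submit the output of the kubectl get nodes command to the answer box. [0.5 points]
```
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   22d   v1.18.1
node1    Ready    <none>   22d   v1.18.1
node2    Ready    <none>   22d   v1.18.1
```
Procedure:
```bash
kubeadm config print join-defaults > kubeadm-config.yaml
# Fields to edit in kubeadm-config.yaml:
# apiServerEndpoint: the address used to reach the apiserver, i.e. the master's API address.
#   Here it can be changed to 192.168.200.162:6443; if the masters are deployed as a cluster,
#   change it to the cluster VIP address.
# token and tlsBootstrapToken: the token used to connect to the master; it must match the
#   token configured in InitConfiguration on the master.
# name: the name of the node. If a host name is used, make sure the master node can resolve it;
#   otherwise use the IP address directly.

kubeadm join --config kubeadm-config.yaml

kubectl get nodes
```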
Task 3: Storage configuration (5 points)
1. NFS configuration
Install NFS on the master node and configure 6 shared directories; after starting the service, view the shared directories. Then install the NFS client on each node node and view the shared directories.
Submit the output of the showmount -e master command to the answer box. [2 points]
```
[root@node1 ~]# showmount -e master
Export list for master:
/nfs6 *
/nfs5 *
/nfs4 *
/nfs3 *
/nfs2 *
/nfs1 *
```
Procedure:
master
```bash
yum install -y nfs-utils rpcbind
vi /etc/exports
/nfs1 *(rw,sync,no_root_squash,no_subtree_check)
/nfs2 *(rw,sync,no_root_squash,no_subtree_check)
/nfs3 *(rw,sync,no_root_squash,no_subtree_check)
/nfs4 *(rw,sync,no_root_squash,no_subtree_check)
/nfs5 *(rw,sync,no_root_squash,no_subtree_check)
/nfs6 *(rw,sync,no_root_squash,no_subtree_check)

systemctl start nfs-server rpcbind
systemctl enable nfs-server rpcbind
```
Other nodes:
```bash
yum install -y nfs-utils
showmount -e master
```
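A review aid for the export list above, added here and not part of the original write-up: it parses an exports-format file and reports entries that pair a wildcard client with no_root_squash, the combination used for /nfs1 to /nfs6, alongside a subnet-restricted root_squash entry that passes. The sample file, the function names, the severity labels and the 192.168.200.0/24 client range are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: audit an /etc/exports-style file for broad NFS exports.

sample_exports() {
    # Constructed sample. /nfs1 is the form used on this page; /nfs2 is the same
    # export limited to an assumed node subnet with root squashing left on.
    cat <<'EOF'
# path  client(options)
/nfs1 *(rw,sync,no_root_squash,no_subtree_check)
/nfs2 192.168.200.0/24(rw,sync,root_squash,no_subtree_check)
/nfs3 192.168.200.163(rw,sync,no_root_squash)
/nfs4 *(ro,sync)
/nfs5 (rw,sync)
EOF
}

audit_exports() {
    # $1 = exports file. Prints "<path> <client> <severity> <reason>" per finding.
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {         # one field per client spec
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"  # "(rw)" with no client means any host
                anyhost = (client == "*")
                noroot  = ("," opts ",") ~ /,no_root_squash,/
                rw      = ("," opts ",") ~ /,rw,/
                if (anyhost && noroot)
                    print $1, client, "HIGH", "any-host+no_root_squash"
                else if (noroot)
                    print $1, client, "MEDIUM", "no_root_squash"
                else if (anyhost && rw)
                    print $1, client, "MEDIUM", "any-host+rw"
            }
        }' "$1"
}

# Demo on the constructed sample; on a real server pass /etc/exports instead.
demo_file=$(mktemp)
sample_exports > "$demo_file"
audit_exports "$demo_file"
rm -f "$demo_file"
```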
2. PV configuration
Each Redis Pod needs its own PV to store its data. Create a pv.yaml file containing 6 PVs, one for each of the 6 NFS shared directories.
Submit the contents of the yaml file to the answer box. [2 points]
```yaml
# cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv1
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs1
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv2
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs2
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv3
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs3
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv4
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs4
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv5
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs5
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv6
spec:
  nfs:
    server: 192.168.200.162
    path: /nfs6
  capacity:
    storage: 1Gi
  accessModes: ["ReadWriteMany","ReadOnlyMany"]
```
3. Create the ConfigMap
Create a ConfigMap object named redis-conf from the provided redis.conf configuration file. After it is created, view the details of redis-conf.
Submit the output of the kubectl describe cm redis-conf command to the answer box. [0.5 points]
```
[root@master yaml]# kubectl describe cm redis-conf
Name:         redis-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
redis.conf:
----
appendonly yes
cluster-enabled yes
cluster-config-file /var/lib/redis/nodes.conf
cluster-node-timeout 5000
dir /var/lib/redis
port 6379

Events:  <none>
```
Procedure:
```bash
# The name must be redis-conf: the task and the StatefulSet volume both refer to it
kubectl create configmap redis-conf --from-file=/root/redis.conf
```
4. Import the image
Use the provided redis.tar to load the required images, then retag the image and push it to the Harbor image registry.
Submit all the commands for the operations above to the answer box. [0.5 points]
```
[root@master ~]# docker load -i redis.tar
9f54eef41275: Loading layer  75.16MB/75.16MB
e9e9d8cf772b: Loading layer  3.584kB/3.584kB
8b504a175fb9: Loading layer  229.7MB/229.7MB
Loaded image: ubuntu:redis-trip
2edcec3590a4: Loading layer  83.86MB/83.86MB
9b24afeb7c2f: Loading layer  338.4kB/338.4kB
4b8e2801e0f9: Loading layer  4.274MB/4.274MB
529cdb636f61: Loading layer   27.8MB/27.8MB
9975392591f2: Loading layer  2.048kB/2.048kB
8e5669d83291: Loading layer  3.584kB/3.584kB
Loaded image: redis:latest
[root@master ~]# docker tag redis:latest 192.168.200.165/library/redis:latest
[root@master ~]# docker push 192.168.200.165/library/redis:latest
The push refers to repository [192.168.200.165/library/redis]
8e5669d83291: Pushed
9975392591f2: Pushed
529cdb636f61: Pushed
4b8e2801e0f9: Pushed
9b24afeb7c2f: Pushed
2edcec3590a4: Pushed
latest: digest: sha256:563888f63149e3959860264a1202ef9a644f44ed6c24d5c7392f9e2262bd3553 size: 1573
```
Task 4: Redis cluster deployment (10 points)
1. Create the Redis cluster nodes with a StatefulSet
Write a redis.yml file that creates a StatefulSet resource with 6 pod replicas based on the redis image, using pod affinity settings so that the pods are spread across different nodes as far as possible, and using volumeMounts to mount the PV and the redis-conf ConfigMap into each container. Then create the Redis cluster nodes from this file and, when done, view all the Redis pod resources.
Submit the output of the kubectl get pods -o wide command to the answer box. [3 points]
```
[root@master yaml]# kubectl get pods -o wide
NAME          READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
redis-app-0   1/1     Running   0          9s    10.244.1.5    node2    <none>           <none>
redis-app-1   1/1     Running   0          8s    10.244.2.10   node1    <none>           <none>
redis-app-2   1/1     Running   0          6s    10.244.0.6    master   <none>           <none>
redis-app-3   1/1     Running   0          5s    10.244.1.6    node2    <none>           <none>
redis-app-4   1/1     Running   0          4s    10.244.2.11   node1    <none>           <none>
redis-app-5   1/1     Running   0          2s    10.244.1.7    node2    <none>           <none>
```
redis.yaml
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis-app
spec:
  serviceName: "redis-service"
  replicas: 6
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
        appCluster: redis-cluster
    spec:
      terminationGracePeriodSeconds: 20
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - redis
              topologyKey: kubernetes.io/hostname
      containers:
      - name: redis
        image: 192.168.200.165/library/redis:latest
        command:
          - "redis-server"
        args:
          - "/etc/redis/redis.conf"
          - "--protected-mode"
          - "no"
        resources:
          requests:
            cpu: "100m"
            memory: "100Mi"
        ports:
        - name: redis
          containerPort: 6379
          protocol: "TCP"
        - name: cluster
          containerPort: 16379
          protocol: "TCP"
        volumeMounts:
        - name: "redis-conf"
          mountPath: "/etc/redis"
        - name: "redis-data"
          mountPath: "/var/lib/redis"
      volumes:
      - name: "redis-conf"
        configMap:
          name: "redis-conf"
          items:
            - key: "redis.conf"
              path: "redis.conf"
  volumeClaimTemplates:
  - metadata:
      name: redis-data
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 200M
```
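2. Initialize the Redis cluster
Use the redis-trib tool in ubuntu:redis-trib to initialize the Redis cluster. After initialization there are 3 master nodes and 3 slave nodes, with each master node paired with one slave node. After a successful initialization, view the cluster status.
Connect to any Redis Pod and submit the output of the cluster nodes command to the answer box. [3 points]
3. Configure a Service for the Redis cluster
Write a service.yaml file that creates a Service providing access and load balancing for the Redis cluster. It proxies the Redis cluster and exposes port 6379 inside the K8S cluster. After it is created, view the service status.
Submit the output of the kubectl get svc redis-access-service -o wide command to the answer box. [2 points]
```
[root@master yaml]# kubectl get svc redis-access-service -o wide
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE   SELECTOR
redis-access-service   ClusterIP   10.104.245.9   <none>        6379/TCP   2s    app=redis,appCluster=redis-cluster
```
vi service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-access-service
  labels:
    app: redis
spec:
  ports:
  - name: redis-port
    protocol: "TCP"
    port: 6379
    targetPort: 6379
  selector:
    app: redis
    appCluster: redis-cluster
```
4. Cluster master/slave failover
Pick any Redis master node, enter its pod and view the node's role in the cluster. Then delete that pod manually and check the status. After it has been recreated, enter the pod and view the node's role information and the cluster information, and check whether the master/slave failover completed automatically.
Finally, enter the pod and submit the output of the role command to the answer box. [2 points]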
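Session C: Automated deployment and operation of enterprise applications

| Device name | Host name | Interface | IP address | Role |
| --- | --- | --- | --- | --- |
| Cloud server 1 | monitor | ens33 | 192.168.200.100 | prometheus, grafana, ansible |
| Cloud server 2 | slave1 | ens33 | 192.168.200.101 | agent |
| Cloud server 3 | slave2 | ens33 | 192.168.200.102 | agent |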
Task 1: Automated deployment of enterprise applications (17 points)
1. Install the Ansible automation tool
Use the provided packages to install Ansible on the monitor node. After installation, verify it with the ansible --version command. Add a test user on all nodes, set its password to 000000, give the test user passwordless sudo, and configure passwordless SSH login so that the monitor node can log in to the test user on every node without a password.
Submit the output of the ansible --version command to the answer box. [3 points]
```
ansible --version
ansible 2.4.6.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
```
Procedure:
monitor
```bash
# Install the dependencies
yum install -y jinja2 PyYAML cryptography

rpm -ivh ansible-2.4.6.0-1.el7.ans.noarch.rpm

ansible --version
```
All nodes
```bash
useradd test
passwd test
# Set up passwordless sudo: add the line below under "root ALL=(ALL) ALL"
visudo
test ALL=(ALL) NOPASSWD:ALL
```
monitor
```bash
ssh-keygen
ssh-copy-id test@192.168.200.100
ssh-copy-id test@192.168.200.101
ssh-copy-id test@192.168.200.102
```
2. Initialize the Ansible automation tool [3 points]
Create the /root/ansible directory as the working directory. In it, create an ansible.cfg file with the following configuration: the inventory file is /root/ansible/inventory, the login user is test, and no password is required at login. Set the number of parallel hosts to 2 and allow the test user to escalate to root without a password.
Paste the contents of the ansible.cfg file into the answer box.
```ini
[defaults]
inventory=./inventory
forks=2
remote_user=test
ask_pass=false
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false
```
Procedure:
```bash
# Create the working directory
mkdir /root/ansible
# Edit the cfg file
vi ansible.cfg
[defaults]
inventory=./inventory
forks=2
remote_user=test
ask_pass=false
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false
```
3. Write the host inventory
Write the host inventory file. Create a monitor group and add the monitor host to it; create a slave group and add the slave1 and slave2 hosts to it. Host names must not be IP addresses.
Submit the output of the ansible all -m ping command to the answer box. [2 points]
```
[root@monitor ansible]# ansible all -m ping
 [WARNING]: Found both group and host with same name: master

slave2 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
slave1 | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
monitor | SUCCESS => {
    "changed": false,
    "failed": false,
    "ping": "pong"
}
```
Procedure:
```bash
# Host name mappings (/etc/hosts format)
192.168.200.100 monitor
192.168.200.101 slave1
192.168.200.102 slave2

vi inventory
[monitor]
monitor
[slave]
slave1
slave2
```
4. Initialize the master node with the automation tool [2 points]
Write prometheus.yml to control the monitor host group. Use the appropriate module to set both the temporary SELinux state and its state at boot to disabled. Use the appropriate Ansible module to install the time synchronization service, use a text-editing module to set the scope of that service to 0.0.0.0/0, and set the service to started and enabled at boot. Use the file copy module to copy the provided prometheus-2.37.0.linux-amd64.tar.gz to /usr/local/ on the target host, then use the shell module to extract the archive.
Submit the contents of the prometheus.yml file to the answer box. [4 points]
```yaml
- hosts: monitor
  remote_user: root
  tasks:
    - name: SELINUX=disabled
      selinux: state=disabled
    - name: stop firewalld
      shell: 'sudo systemctl stop firewalld && sudo systemctl disable firewalld'
    - name: install chrony
      yum: name=chrony state=present
    - name: allow 0.0.0.0/0
      blockinfile: path=/etc/chrony.conf block="allow 0.0.0.0/0"
    - name: start chrony
      service: name=chronyd state=started enabled=yes
    - name: copy promethus
      copy: src=/root/prometheus-2.37.0.linux-amd64.tar.gz dest=/usr/local/
    - name: tar prometheus
      shell: 'sudo tar -zxvf /usr/local/prometheus-2.37.0.linux-amd64.tar.gz -C /usr/local'
```
Procedure:
Upload the Prometheus package to the /root directory and create prometheus.yml in the working directory.
5. Deploy the enterprise application with the automation tool
Write a prometheus.yml.j2 template file and add the information of all slave nodes to it; the host name information of the managed nodes must use variables, while the IP addresses may be entered by hand. Then create a node_exporter.yml file. Write the first play, name it slave, and have it control the slave host group: use an Ansible module to send node_exporter-1.3.1.linux-amd64.tar.gz to /usr/local/ on the slave host group, then use a single shell module to extract the archive and start the service. Next write the second play, name it monitor, and have it control the monitor node: first use an Ansible module to transfer the prometheus.yml.j2 file to the monitor node, then use the script module to start Prometheus. Use the appropriate module to send the grafana-8.1.2-1.x86_64.rpm package to the /mnt/ directory of the managed node, use the appropriate module to install the package, and after installation start the grafana service and enable it at boot. Log in to Prometheus with a browser and check whether it is monitoring all slave nodes.
Submit the contents of the node_exporter.yml file to the answer box. [5 points]
```yaml
---
- hosts: slave
  name: slave
  tasks:
    - name: copy node_expose
      copy: src=/root/node_exporter-1.3.1.linux-amd64.tar.gz dest=/usr/local/
    - name: tar node_expose
      shell: 'sudo tar -zxvf /usr/local/node_exporter-1.3.1.linux-amd64.tar.gz -C /usr/local/'
    - name: start node_export
      shell: 'sudo nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &'
- hosts: monitor
  name: monitor
  vars:
    node1: 192.168.200.101
    node2: 192.168.200.102
  tasks:
    - name: template j2
      template: src=./prometheus.yml.j2 dest=/usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
    - name: start prometheus
      script: /root/ansible/nohup.sh
    - name: copy grafana
      copy: src=/root/grafana-8.1.2-1.x86_64.rpm dest=/mnt/
    - name: install repaired
      shell: 'sudo yum install -y fontconfig urw-fonts '
    - name: install grafana
      shell: 'sudo rpm -ivh /mnt/grafana-8.1.2-1.x86_64.rpm'
    - name: enable gtafana
      service: name=grafana-server state=started enabled=yes
```
Procedure:
prometheus.yml.j2
```yaml
global:
  scrape_interval: 15s
  evaluation_interval: 15s

alerting:
  alertmanagers:
    - static_configs:
        - targets:

rule_files:

scrape_configs:
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]
  - job_name: "node_exporter"
    static_configs:
      - targets: ["{{node1}}:9100","{{node2}}:9100"]
```
node_exporter.yml
```yaml
---
- hosts: slave
  name: slave
  tasks:
    - name: copy node_expose
      copy: src=/root/node_exporter-1.3.1.linux-amd64.tar.gz dest=/usr/local/
    - name: tar node_expose
      shell: 'sudo tar -zxvf /usr/local/node_exporter-1.3.1.linux-amd64.tar.gz -C /usr/local/'
    - name: start node_export
      shell: 'sudo nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &'
- hosts: monitor
  name: monitor
  vars:
    node1: 192.168.200.101
    node2: 192.168.200.102
  tasks:
    - name: template j2
      template: src=./prometheus.yml.j2 dest=/usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
    - name: start prometheus
      script: /root/ansible/nohup.sh
    - name: copy grafana
      copy: src=/root/grafana-8.1.2-1.x86_64.rpm dest=/mnt/
    - name: install repaired
      shell: 'sudo yum install -y fontconfig urw-fonts '
    - name: install grafana
      shell: 'sudo rpm -ivh /mnt/grafana-8.1.2-1.x86_64.rpm'
    - name: enable gtafana
      service: name=grafana-server state=started enabled=yes
```
nohup.sh
```bash
cd /usr/local/prometheus-2.37.0.linux-amd64/
nohup ./prometheus &
```
Task 2: Operation of enterprise applications (12 points)
1. Monitor the mysqld service with Prometheus
Send the provided mysqld_exporter-0.14.0.linux-amd64.tar.gz to the /usr/local/ directory of the agent virtual machines, extract it, and install the mariadb service. Enter the mariadb database, create the mysqld_monitor user and grant it privileges, then create a mariadb configuration file containing the database user name and password. Start the mysqld_exporter component and make sure port 9104 is up. Back on the prometheus node, edit the prometheus.yml file and add the MySQL monitoring target information. Restart Prometheus, then refresh the web interface and view the mysqld monitoring information.
Submit the output of the ps -ef | grep prometheus command to the answer box. [3 points]
```
[root@monitor prometheus-2.37.0.linux-amd64]# ps -ef | grep prometheus
root      23115  23073  0 06:50 pts/5    00:00:00 ./prometheus
root      23125  23073  0 06:51 pts/5    00:00:00 grep --color=auto prometheus
```
Procedure:
vi mysqld_exporter.yml
```yaml
---
- hosts: slave
  name: slave
  tasks:
    - name: copy mysqld_exporter
      copy: src=/root/mysqld_exporter-0.14.0.linux-amd64.tar.gz dest=/usr/local/
    - name: tar it
      shell: 'sudo tar -zxvf /usr/local/mysqld_exporter-0.14.0.linux-amd64.tar.gz -C /usr/local'
    - name: anzhuang mariadb
      shell: 'sudo yum install -y mariadb*'
    - name: start mysqld
      service: name=mariadb state=started enabled=yes
```
On the agent nodes
```bash
mysql
> grant select,replication client,process ON *.* to 'mysql_monitor'@'localhost' identified by '123';
> flush privileges;
> quit

vi /usr/local/mysqld_exporter-0.14.0.linux-amd64/.my.cnf
[client]
user=mysql_monitor
password=123

nohup /usr/local/mysqld_exporter-0.14.0.linux-amd64/mysqld_exporter --config.my-cnf=/usr/local/mysqld_exporter-0.14.0.linux-amd64/.my.cnf &
netstat -nltp | grep 9104
```
Back on the master node
```bash
vi /usr/local/prometheus-2.37.0.linux-amd64/prometheus.yml
  - job_name: 'mysql'
    static_configs:
      - targets: ['192.168.200.101:9104','192.168.200.102:9104']

# Restart the service
pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
```
2. Install the Alertmanager alerting component
Upload the provided alertmanager-0.21.0.linux-amd64.tar.gz to the /usr/local/ directory of the prometheus node and extract it, then create the symbolic link alertmanager-0.23.0.linux-amd64/alertmanager. Create a service unit file named alertmanager.service, then start alertmanager and check port 9093. Add the alertmanager information to the prometheus.yml configuration file and restart the prometheus service, then stop the node_exporter service on the agent. In the web interface, check that the alert manager status is normal and that the agent status is abnormal.
Submit the contents added to alertmanager.service to the answer box. [3 points]
```ini
[Unit]
Description=alertmanager
[Service]
ExecStart=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager --config.file=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager.yml
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
```
Procedure:
```bash
tar -zxvf alertmanager-0.21.0.linux-amd64.tar.gz -C /usr/local/
ln -s alertmanager-0.23.0.linux-amd64/ alertmanager
vi /usr/lib/systemd/system/alertmanager.service
[Unit]
Description=alertmanager
[Service]
ExecStart=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager --config.file=/usr/local/alertmanager-0.21.0.linux-amd64/alertmanager.yml
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl start alertmanager

# Add to prometheus.yml:
  - job_name: 'altermanager'
    static_configs:
      - targets: ['localhost:9093']

# Restart Prometheus (start the prometheus binary, not the yml file)
pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
```
agent
```bash
pkill node_exporter
nohup /usr/local/node_exporter-1.3.1.linux-amd64/node_exporter &
```
3. Write the Alertmanager alert email file
An alertmanager.yml file exists in /usr/local/alertmanager/ on the Prometheus virtual machine. Using the provided address and template, fill in the email address information that alerts are sent to.
Submit the modified contents of the alertmanager.yml file to the answer box. [3 points]
```yaml
smtp_auth_username: "1234567890@qq.com"
smtp_auth_password: "auth_pass"
smtp_require_tls: false
route:
  receiver: ops
  group_wait: 30s
  group_interval: 5m
  repeat_interval: 24h
  group_by: [alertname]
  routes:
  - match:
      team: operations
    group_by: [env,dc]
    receiver: 'ops'
  - receiver: ops
    group_wait: 10s
    match:
      team: operations
receivers:
- name: ops
  email_configs:
  - to: '9935226@qq.com,xxxxx@qq.com'
    send_resolved: true
    headers:
      from: "警报中心"
      subject: "[operations] 报警邮件"
      to: "小煜狼皇"
```
4. Write the Alertmanager alert rules
Under the prometheus path on the prometheus virtual machine there is a /rules directory containing a node_rules.yml file. Based on the information provided and following the template, write:
1. an alert rule for memory usage above 50%;
2. an alert rule for CPU utilization above 75%;
3. an alert rule for host disk reads above 50 MB per second; the department name is up to you.
Submit the contents of the three rules above to the answer box. [3 points]
```yaml
groups:
- name: node_health
  rules:
  - alert: HighMemoryUsage
    # Memory usage above 50%, as the task requires
    expr: 1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) > 0.5
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High memory usage
  - alert: HighCPUUseage
    # CPU utilization above 75%
    expr: 1 - sum(increase(node_cpu_seconds_total{mode="idle"}[1m])) by (instance) / sum(increase(node_cpu_seconds_total[1m])) by (instance) > 0.75
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High CPU usage
  - alert: HighReadTime
    # Disk reads above 50 MB per second; the metric counts bytes
    expr: sum(irate(node_disk_read_bytes_total[1m])) by (instance) > 50 * 1024 * 1024
    for: 1m
    labels:
      severity: warning
    annotations:
      summary: High Read Time
```
Procedure:
```bash
# Create a /rules directory under the prometheus path and create the yml file in it
# After creating it, edit the prometheus.yml file:
rule_files:
  - "./rules/node_rules.yml"

pkill prometheus
nohup /usr/local/prometheus-2.37.0.linux-amd64/prometheus &
```
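1. The public and private IPs in Table 4 are whatever your own cloud hosts show; every participant has different public and private IPs. Use third-party software to connect to the cloud hosts remotely, connecting through the public IP.
2. The cloud hosts in Huawei Cloud have already been named; use the cloud host with the corresponding name directly.
The company's existing cluster monitoring solution has always used Zabbix with a single server node, but in use the server node frequently went down, among other related problems, and the company instructed the technical department to solve this. After a technical discussion, the department decided to adopt a zabbix + keepalived solution, using a separated database and dual server nodes to solve the problem. Complete the following operations according to the technical department's specifications.
Task 3: Enterprise operations (Zabbix)
1. Install Zabbix 5.0 LTS
The Zabbix cluster uses 4 hosts: two servers, one DB service and one agent service. Set up Zabbix as required.
Paste screenshots of the home pages of the two server nodes into the answer box. [3 points]
2. Configure keepalived high availability
Install and configure keepalived as required: the keepalived IP ends in 10, it is bound to the external network interface, the password is 000000, the router_id is 100, the master node weight is 100 and the backup node weight is 80. Also modify the corresponding Zabbix monitoring settings so that all monitoring items point to this IP, achieving a highly available configuration.
After completing the operation, submit the home page login screen to the answer box. [4 points]
3. Write the state switching script
In keepalived, write a state switching script (check_zabbix_server) that monitors whether zabbix-server is working normally and switches quickly to the backup node to provide service after a host failure.
Submit the output of cat /etc/keepalived/keepalived.conf to the answer box. [4 points]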