-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathatom.xml
582 lines (358 loc) · 323 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Pystack.org</title>
<icon>https://www.gravatar.com/avatar/dd7bd216caddfcf24542754b94eb988d</icon>
<subtitle>Time waits for no one.</subtitle>
<link href="/atom.xml" rel="self"/>
<link href="http://pystack.org/"/>
<updated>2018-12-12T09:33:18.090Z</updated>
<id>http://pystack.org/</id>
<author>
<name>moose</name>
<email>[email protected]</email>
</author>
<generator uri="http://hexo.io/">Hexo</generator>
<entry>
<title>Openstack虚拟机连接接口</title>
<link href="http://pystack.org/2018/08/25/openstack-hotplug-nic-in-centos7/"/>
<id>http://pystack.org/2018/08/25/openstack-hotplug-nic-in-centos7/</id>
<published>2018-08-25T13:39:24.000Z</published>
<updated>2018-12-12T09:33:18.090Z</updated>
<content type="html"><![CDATA[<h2 id="问题"><a href="#问题" class="headerlink" title="问题:"></a>问题:</h2><p>Openstack虚拟机更换网络(先分离接口再连接接口)的时候,windows7,ubuntu都能够自动识别并配置新的网络,但是centos7更换网络的时候,网卡状态是DOWN,无法自动UP. 使用ifup命令或者重启network服务都会提示错误.手动重启虚拟机或者先ifdown再ifup网卡才能得到ip地址.</p><ul><li>连接接口时控制台打印输出:<br><img src="/assets/img/after-plugin.png" alt=""></li></ul><a id="more"></a><ul><li><p>查看网络信息<br><img src="/assets/img/ip-addr-down.png" alt=""></p></li><li><p>启动(up)网卡<br><img src="/assets/img/ifup-eth0.png" alt=""></p></li></ul><p>启动网卡时命令报错: dhclient(732) is already running - exiting.</p><h2 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h2><p>查看ifup的代码会发现,在启动网卡时,会生成一个网卡对应的dhclient-<em>*</em>.pid的进程文件,连接接口的时候,这个进程并没有被关闭,所以再次启动的时候会提示dhclient is already running</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> [ -n <span class="string">"<span class="variable">${DYNCONFIG}</span>"</span> ] && [ -x /sbin/dhclient ]; <span class="keyword">then</span></span><br><span class="line"> <span class="keyword">if</span> [[ <span class="string">"<span class="variable">${PERSISTENT_DHCLIENT}</span>"</span> = [yY1]* ]]; <span class="keyword">then</span></span><br><span class="line"> ONESHOT=<span class="string">""</span>;</span><br><span class="line"> <span class="keyword">else</span></span><br><span class="line"> ONESHOT=<span class="string">"-1"</span>;</span><br><span class="line"> <span class="keyword">fi</span>;</span><br><span class="line"> generate_config_file_name</span><br><span class="line"> generate_lease_file_name</span><br><span class="line"> DHCLIENTARGS=<span class="string">"<span class="variable">${DHCLIENTARGS}</span> -H <span class="variable">${DHCP_HOSTNAME:-${HOSTNAME%%.*}</span>} <span class="variable">${ONESHOT}</span> -q <span class="variable">${DHCLIENTCONF}</span> -lf <span class="variable">${LEASEFILE}</span> -pf /var/run/dhclient-<span class="variable">${DEVICE}</span>.pid"</span></span><br><span class="line"> <span class="built_in">echo</span></span><br><span class="line"> <span class="built_in">echo</span> -n $<span class="string">"Determining IP information for <span class="variable">${DEVICE}</span>..."</span></span><br><span class="line"> <span class="keyword">if</span> [[ <span class="string">"<span class="variable">${PERSISTENT_DHCLIENT}</span>"</span> != [yY1]* ]] && check_link_down <span class="variable">${DEVICE}</span>; <span class="keyword">then</span></span><br><span class="line"> <span class="built_in">echo</span> $<span class="string">" failed; no link present. Check cable?"</span></span><br><span class="line"> <span class="built_in">exit</span> 1</span><br><span class="line"> <span class="keyword">fi</span></span><br><span class="line"></span><br><span class="line"> ethtool_set</span><br><span class="line"></span><br><span class="line"> <span class="keyword">if</span> /sbin/dhclient <span class="variable">${DHCLIENTARGS}</span> <span class="variable">${DEVICE}</span> ; <span class="keyword">then</span></span><br><span class="line"> <span class="built_in">echo</span> $<span class="string">" done."</span></span><br><span class="line"> dhcpipv4=<span class="string">"good"</span></span><br><span class="line"> <span class="keyword">else</span></span><br><span class="line"> <span class="built_in">echo</span> $<span class="string">" failed."</span></span><br><span class="line"> <span class="keyword">if</span> [[ <span class="string">"<span class="variable">${IPV4_FAILURE_FATAL}</span>"</span> = [Yy1]* ]] ; <span class="keyword">then</span></span><br><span class="line"> <span class="built_in">exit</span> 1</span><br><span class="line"> <span class="keyword">fi</span></span><br><span class="line"> <span class="keyword">if</span> [[ <span class="string">"<span class="variable">$IPV6INIT</span>"</span> = [nN0]* || <span class="string">"<span class="variable">$DHCPV6C</span>"</span> != [yY1]* ]] ; <span class="keyword">then</span></span><br><span class="line"> <span class="built_in">exit</span> 1</span><br><span class="line"> <span class="keyword">fi</span></span><br><span class="line"> net_log <span class="string">"Unable to obtain IPv4 DHCP address <span class="variable">${DEVICE}</span>."</span> warning</span><br><span class="line"> <span class="keyword">fi</span></span><br></pre></td></tr></table></figure><p>使用ps命令查看进程</p><p><img src="/assets/img/ps-ef-grep-dhclient.png" alt=""></p><p>所以解决方法就是杀掉这个进程,再次启动网卡</p><p><img src="/assets/img/kill-9-ifup-eth0.png" alt=""></p><p>或者用dhclient命令释放当前进程</p><figure class="highlight 1c"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">dhclient -r <span class="meta">&& dhclient</span></span><br></pre></td></tr></table></figure><hr><p>上面的解决方法只是临时方案,虽然系统能够自动识别网卡,但是必须要用户进入到虚拟机内手动执行命令之后才能得到ip地址,那怎样才能一步到位呢?</p>]]></content>
<summary type="html">
<h2 id="问题"><a href="#问题" class="headerlink" title="问题:"></a>问题:</h2><p>Openstack虚拟机更换网络(先分离接口再连接接口)的时候,windows7,ubuntu都能够自动识别并配置新的网络,但是centos7更换网络的时候,网卡状态是DOWN,无法自动UP. 使用ifup命令或者重启network服务都会提示错误.手动重启虚拟机或者先ifdown再ifup网卡才能得到ip地址.</p>
<ul>
<li>连接接口时控制台打印输出:<br><img src="/assets/img/after-plugin.png" alt=""></li>
</ul>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="Openstack" scheme="http://pystack.org/tags/Openstack/"/>
<category term="centos" scheme="http://pystack.org/tags/centos/"/>
<category term="hotplug" scheme="http://pystack.org/tags/hotplug/"/>
</entry>
<entry>
<title>No valid host was found</title>
<link href="http://pystack.org/2018/07/29/nova-schedule-no-valid-host-was-found/"/>
<id>http://pystack.org/2018/07/29/nova-schedule-no-valid-host-was-found/</id>
<published>2018-07-29T04:19:24.000Z</published>
<updated>2018-08-01T09:27:31.871Z</updated>
<content type="html"><![CDATA[<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>多个计算节点,创建虚拟机的时候发现有一个节点上面虚拟机特别少,别的节点(节点服务器品牌配置都相同)虚拟机都差不多。手动指定那个少的节点创建虚拟机会提示创建失败(no valid host was found),明明hypervisor页面显示用的量很少,服务器的硬件资源空闲也很多,但就是建不了虚拟机。</p><a id="more"></a><h2 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h2><p>查看代码发现nova会把allocations表里面的数据都加起来计算已使用的量</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">usage = sa.select([_ALLOC_TBL<span class="selector-class">.c</span><span class="selector-class">.resource_provider_id</span>,</span><br><span class="line"> sql<span class="selector-class">.func</span><span class="selector-class">.sum</span>(_ALLOC_TBL<span class="selector-class">.c</span><span class="selector-class">.used</span>).label(<span class="string">'used'</span>)])</span><br><span class="line">usage = usage.where(_ALLOC_TBL<span class="selector-class">.c</span><span class="selector-class">.resource_class_id</span> == rc_id)</span><br><span class="line">usage = usage.group_by(_ALLOC_TBL<span class="selector-class">.c</span><span class="selector-class">.resource_provider_id</span>)</span><br><span class="line">usage = sa.alias(usage, name=<span class="string">'usage'</span>)</span><br></pre></td></tr></table></figure><p>查找对应的host的allocations</p><figure class="highlight n1ql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">SELECT</span> * <span class="keyword">FROM</span> nova_api.resource_providers;</span><br><span class="line"></span><br><span class="line"><span class="keyword">SELECT</span> * <span class="keyword">FROM</span> nova_api.allocations <span class="keyword">where</span> resource_provider_id=<span class="number">2</span>;</span><br></pre></td></tr></table></figure><p>连接数据库后发现节点2没有虚拟机,但是allocations表内却有几百条数据,手动清空allocations表再次创建虚拟机发现节点正常了。</p>]]></content>
<summary type="html">
<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>多个计算节点,创建虚拟机的时候发现有一个节点上面虚拟机特别少,别的节点(节点服务器品牌配置都相同)虚拟机都差不多。手动指定那个少的节点创建虚拟机会提示创建失败(no valid host was found),明明hypervisor页面显示用的量很少,服务器的硬件资源空闲也很多,但就是建不了虚拟机。</p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="nova" scheme="http://pystack.org/tags/nova/"/>
<category term="schedule" scheme="http://pystack.org/tags/schedule/"/>
</entry>
<entry>
<title>openstack rpm打包</title>
<link href="http://pystack.org/2018/06/01/openstack-rpm-package/"/>
<id>http://pystack.org/2018/06/01/openstack-rpm-package/</id>
<published>2018-06-01T10:39:24.000Z</published>
<updated>2019-04-02T01:52:23.666Z</updated>
<content type="html"><![CDATA[<h2 id="下载源码包"><a href="#下载源码包" class="headerlink" title="下载源码包"></a>下载源码包</h2><p>wget <a href="https://mirrors.aliyun.com/repo/epel-7.repo" target="_blank" rel="external">https://mirrors.aliyun.com/repo/epel-7.repo</a><br>wget -O /etc/yum.repos.d/CentOS-Base.repo <a href="http://mirrors.aliyun.com/repo/Centos-7.repo" target="_blank" rel="external">http://mirrors.aliyun.com/repo/Centos-7.repo</a></p><p><a href="http://vault.centos.org/centos/7/cloud/Source/openstack-queens/" target="_blank" rel="external">http://vault.centos.org/centos/7/cloud/Source/openstack-queens/</a></p><figure class="highlight awk"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget http:<span class="regexp">//</span>vault.centos.org<span class="regexp">/centos/</span><span class="number">7</span><span class="regexp">/cloud/</span>Source<span class="regexp">/openstack-queens/</span>openstack-neutron-<span class="number">12.0</span>.<span class="number">2</span>-<span class="number">1</span>.el7.src.rpm</span><br></pre></td></tr></table></figure><h2 id="安装依赖工具"><a href="#安装依赖工具" class="headerlink" title="安装依赖工具"></a>安装依赖工具</h2><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install </span>rpm-<span class="keyword">build </span>–y</span><br><span class="line"></span><br><span class="line">groupadd mockbuild</span><br><span class="line">useradd mockbuild -g mockbuild</span><br></pre></td></tr></table></figure><a id="more"></a><h2 id="安装源码包"><a href="#安装源码包" class="headerlink" title="安装源码包"></a>安装源码包</h2><figure class="highlight css"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="selector-tag">rpm</span> <span class="selector-tag">-Uvh</span> <span class="selector-tag">openstack-neutron-12</span><span class="selector-class">.0</span><span class="selector-class">.2-1</span><span class="selector-class">.el7</span><span class="selector-class">.src</span><span class="selector-class">.rpm</span></span><br></pre></td></tr></table></figure><h2 id="设置环境变量"><a href="#设置环境变量" class="headerlink" title="设置环境变量"></a>设置环境变量</h2><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="builtin-name">export</span> <span class="attribute">LC_ALL</span>=en_US.UTF-8</span><br></pre></td></tr></table></figure><h2 id="安装包依赖"><a href="#安装包依赖" class="headerlink" title="安装包依赖"></a>安装包依赖</h2><figure class="highlight stata"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">yum install centos-release-openstack-queens</span><br><span class="line"></span><br><span class="line"><span class="keyword">cd</span> rpmbuild</span><br><span class="line">yum install `rpmbuild -bb SPECS/openstack-neutron.spec 2>&1 | grep <span class="string">"needed"</span> | awk '{<span class="keyword">print</span> <span class="variable">$1}</span>'` -<span class="built_in">y</span></span><br></pre></td></tr></table></figure><h2 id="修改源码"><a href="#修改源码" class="headerlink" title="修改源码"></a>修改源码</h2><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">解压压缩包 SOURCES/neutron-<span class="number">12.0</span>.<span class="number">2</span><span class="selector-class">.tar</span><span class="selector-class">.gz</span> </span><br><span class="line">修改项目源码</span><br><span class="line">重新压缩</span><br></pre></td></tr></table></figure><h2 id="重新打包"><a href="#重新打包" class="headerlink" title="重新打包"></a>重新打包</h2><figure class="highlight ada"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">rpmbuild <span class="comment">--clean -bb SPECS/openstack-neutron.spec</span></span><br></pre></td></tr></table></figure><h2 id="安装"><a href="#安装" class="headerlink" title="安装"></a>安装</h2><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">cd</span> RPMS/noarch/ </span><br><span class="line">yum localinstall *<span class="string">.rpm</span></span><br></pre></td></tr></table></figure><hr><h2 id="打包cinder的时候报错:"><a href="#打包cinder的时候报错:" class="headerlink" title="打包cinder的时候报错:"></a>打包cinder的时候报错:</h2><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">Warning, treated as error:</span><br><span class="line">/root/rpmbuild/BUILD/cinder-12.0.3/cinder/api/v3/attachments.py:docstring of cinder.api.v3.attachments.AttachmentsController.update:8:Cannot <span class="keyword">analyze</span> code. <span class="keyword">No</span> Pygments lexer <span class="keyword">found</span> <span class="keyword">for</span> <span class="string">"json"</span>.</span><br><span class="line"><span class="keyword">error</span>: Bad <span class="keyword">exit</span> <span class="keyword">status</span> <span class="keyword">from</span> /<span class="keyword">var</span>/tmp/rpm-tmp.pKb3Oo (%<span class="keyword">install</span>)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">RPM <span class="keyword">build</span> <span class="keyword">errors</span>:</span><br><span class="line"> Bad <span class="keyword">exit</span> <span class="keyword">status</span> <span class="keyword">from</span> /<span class="keyword">var</span>/tmp/rpm-tmp.pKb3Oo (%<span class="keyword">install</span>)</span><br></pre></td></tr></table></figure><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">Warning, treated <span class="keyword">as</span> error:</span><br><span class="line">/root/rpmbuild/BUILD/cinder<span class="number">-12.0</span><span class="number">.3</span>/doc/source/admin/ts-cinder-config.rst:<span class="number">193</span>:Pygments lexer name <span class="string">u'shell'</span> <span class="keyword">is</span> <span class="keyword">not</span> known</span><br><span class="line">error: Bad exit status <span class="keyword">from</span> /var/tmp/rpm-tmp.Bn0Jub (%install)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">RPM build errors:</span><br><span class="line"> Bad exit status <span class="keyword">from</span> /var/tmp/rpm-tmp.Bn0Jub (%install)</span><br></pre></td></tr></table></figure><p>需要手动安装</p><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">pip <span class="keyword">install </span>pygments-<span class="keyword">json</span></span><br><span class="line"><span class="keyword">yum </span><span class="keyword">install </span>python-pygments</span><br></pre></td></tr></table></figure><h2 id="打包nova的时候提示gitignore文件不存在:"><a href="#打包nova的时候提示gitignore文件不存在:" class="headerlink" title="打包nova的时候提示gitignore文件不存在:"></a>打包nova的时候提示gitignore文件不存在:</h2><figure class="highlight subunit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">creating build/lib/nova/CA</span><br><span class="line"><span class="keyword">error: </span>can't copy 'nova/CA/.gitignore': doesn't exist or not a regular file</span><br><span class="line"><span class="keyword">error: </span>Bad exit status from /var/tmp/rpm-tmp.M1KWG6 (%build)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">RPM build errors:</span><br><span class="line"> Bad exit status from /var/tmp/rpm-tmp.M1KWG6 (%build)</span><br></pre></td></tr></table></figure><p>需要将spec文件中git查找那一行注释掉</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">vim SPECS/openstack-nova.spec</span><br><span class="line">...</span><br><span class="line"><span class="number">461</span> <span class="selector-id">#find</span> . \( -name <span class="selector-class">.gitignore</span> -o -name <span class="selector-class">.placeholder</span> \) -delete</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h2 id="下载源码包"><a href="#下载源码包" class="headerlink" title="下载源码包"></a>下载源码包</h2><p>wget <a href="https://mirrors.aliyun.com/repo/epel-7.repo" target="_blank" rel="external">https://mirrors.aliyun.com/repo/epel-7.repo</a><br>wget -O /etc/yum.repos.d/CentOS-Base.repo <a href="http://mirrors.aliyun.com/repo/Centos-7.repo" target="_blank" rel="external">http://mirrors.aliyun.com/repo/Centos-7.repo</a></p>
<p><a href="http://vault.centos.org/centos/7/cloud/Source/openstack-queens/" target="_blank" rel="external">http://vault.centos.org/centos/7/cloud/Source/openstack-queens/</a></p>
<figure class="highlight awk"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget http:<span class="regexp">//</span>vault.centos.org<span class="regexp">/centos/</span><span class="number">7</span><span class="regexp">/cloud/</span>Source<span class="regexp">/openstack-queens/</span>openstack-neutron-<span class="number">12.0</span>.<span class="number">2</span>-<span class="number">1</span>.el7.src.rpm</span><br></pre></td></tr></table></figure>
<h2 id="安装依赖工具"><a href="#安装依赖工具" class="headerlink" title="安装依赖工具"></a>安装依赖工具</h2><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install </span>rpm-<span class="keyword">build </span>–y</span><br><span class="line"></span><br><span class="line">groupadd mockbuild</span><br><span class="line">useradd mockbuild -g mockbuild</span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="rpm" scheme="http://pystack.org/tags/rpm/"/>
</entry>
<entry>
<title>openstack命令超时</title>
<link href="http://pystack.org/2018/06/01/openstack-timeout-when-execute-nova-or-neutron-commands/"/>
<id>http://pystack.org/2018/06/01/openstack-timeout-when-execute-nova-or-neutron-commands/</id>
<published>2018-06-01T10:39:24.000Z</published>
<updated>2018-06-07T12:39:59.815Z</updated>
<content type="html"><![CDATA[<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>我在公司办公网络内手动安装了openstack,安装完成后将服务器放到别的地方,网段什么的都不变。放到新地方之后发现 openstack dashboard 打开特别慢,在dashboard上创建虚拟机的时候提示超时,在服务器上执行 <code>nova service-list</code>之类的命令发现也特别慢,要好几分钟才能有显示。日志里面的请求时间可以看到一个请求的时间竟然要两分钟!</p><a id="more"></a><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">2018-06-07 10:28:45.471 2372 <span class="builtin-name">INFO</span> nova.osapi_compute.wsgi.server [req-9a7d998c-c7ea-4c8b-a0fb-be5ecad1d3f8 1c68cc8940e746dc939b56dc6a3fe47a b2948ddb3325408a9bfd4fb68a1e0530 -</span><br><span class="line"><span class="built_in"> default </span>default] 192.168.100.240 <span class="string">"GET /v2.1/servers/detail?limit=21&project_id=b2948ddb3325408a9bfd4fb68a1e0530 HTTP/1.1"</span> status: 200 len: 12890 time: 120.8193669</span><br><span class="line">2018-06-07 10:29:15.665 2375 <span class="builtin-name">WARNING</span> nova.context [req-b055462b-57f1-4dfd-ad41-cedf77310a7e 1c68cc8940e746dc939b56dc6a3fe47a b2948ddb3325408a9bfd4fb68a1e0530 -<span class="built_in"> default </span>defaul</span><br><span class="line">t] Timed out waiting <span class="keyword">for</span> response <span class="keyword">from</span> cell 00000000-0000-0000-0000-000000000000: CellTimeout: Timeout waiting <span class="keyword">for</span> response <span class="keyword">from</span> cell</span><br><span class="line">2018-06-07 10:29:15.666 2375 <span class="builtin-name">WARNING</span> nova.context [req-b055462b-57f1-4dfd-ad41-cedf77310a7e 1c68cc8940e746dc939b56dc6a3fe47a b2948ddb3325408a9bfd4fb68a1e0530 -<span class="built_in"> default </span>defaul</span><br><span class="line">t] Timed out waiting <span class="keyword">for</span> response <span class="keyword">from</span> cell 6fc8243c-464e-400e-aae2-b26fa6e471df: CellTimeout: Timeout waiting <span class="keyword">for</span> response <span class="keyword">from</span> cell</span><br></pre></td></tr></table></figure><h2 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h2><p>检查了openstack配置啥的都没有什么问题,去网上搜索说是keystone的token表太大了会出现timeout的情况,但我的环境是新装的,都没几条数据,不可能太多。然后我把服务器又搬回办公网络里面,发现一切又正常了… </p><p>没办法,抓个包看一下吧,然后就用tcpdump命令抓了下管理网卡的包</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">tcpdump -<span class="selector-tag">i</span> eth0 -w aaaaaaa.pcap</span><br></pre></td></tr></table></figure><p>wireshark打开包之后就发现了异常了</p><p><img src="/assets/img/tcpdump-dns.png" alt=""></p><p>抓到的包里面有太多的DNS包了,一直在解析controller这个地址,加上新的环境不能连internet,所以系统一直在解析controller,找到问题了就好解决了:直接把dns改成127.0.0.1,再重启dnsmasq服务。</p><figure class="highlight autoit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># vim /etc/resolv.conf </span></span><br><span class="line">nameserver <span class="number">127.0</span><span class="number">.0</span><span class="number">.1</span></span><br><span class="line"></span><br><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># systemctl restart dnsmasq</span></span><br></pre></td></tr></table></figure><p>所以,另一个解决方法就是让服务器能上网。</p>]]></content>
<summary type="html">
<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>我在公司办公网络内手动安装了openstack,安装完成后将服务器放到别的地方,网段什么的都不变。放到新地方之后发现 openstack dashboard 打开特别慢,在dashboard上创建虚拟机的时候提示超时,在服务器上执行 <code>nova service-list</code>之类的命令发现也特别慢,要好几分钟才能有显示。日志里面的请求时间可以看到一个请求的时间竟然要两分钟!</p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="timeout" scheme="http://pystack.org/tags/timeout/"/>
</entry>
<entry>
<title>Qemu guest agent</title>
<link href="http://pystack.org/2018/05/16/qemu-guest-agent/"/>
<id>http://pystack.org/2018/05/16/qemu-guest-agent/</id>
<published>2018-05-16T09:39:24.000Z</published>
<updated>2018-05-18T07:33:19.411Z</updated>
<content type="html"><![CDATA[<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p>Qemu-guest-agent是一个运行在虚拟机内部的普通应用程序,其目的是实现一种宿主机和虚拟机进行交互的方式,这种方式不依赖于网络,而是依赖于virtio-serial(默认首选方式)或者isa-serial,而QEMU则提供了串口设备的模拟及数据交换的通道,最终呈现出来的是一个串口设备(虚拟机内部)和一个unix socket文件(宿主机上)。</p><p>qemu-guest-agent通过读写串口设备与宿主机上的socket通道进行交互,宿主机上可以使用普通的unix socket读写方式对socket文件进行读写,最终实现与qga的交互,交互的协议与qmp(QEMU Monitor Protocol)相同(简单来说就是使用JSON格式进行数据交换),串口设备的速率通常都较低,所以比较适合小数据量的交换。</p><a id="more"></a><h2 id="nova虚拟机修改root密码"><a href="#nova虚拟机修改root密码" class="headerlink" title="nova虚拟机修改root密码"></a>nova虚拟机修改root密码</h2><ol><li>在镜像中安装 qemu-guest-agent</li></ol><figure class="highlight sqf"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta"># centos</span></span><br><span class="line">yum install qemu-guest-<span class="built_in">agent</span></span><br><span class="line"></span><br><span class="line"><span class="meta"># ubuntu</span></span><br><span class="line">apt-get install qemu-guest-<span class="built_in">agent</span></span><br><span class="line"></span><br><span class="line">systemctl start qemu-guest-<span class="built_in">agent</span></span><br></pre></td></tr></table></figure><ol><li>修改镜像metadata</li></ol><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 添加</span></span><br><span class="line"><span class="attr">hw_qemu_guest_agent:</span><span class="literal">yes</span></span><br></pre></td></tr></table></figure><ol><li>修改虚拟机密码</li></ol><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> nova <span class="built_in">set</span>-password 670b6d7d-970c-4170-bb3a-db6da939a1ab</span></span><br><span class="line">New password: </span><br><span class="line">Again: </span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 调用python client</span></span><br><span class="line">self.nova_client.servers.change_password(server_id, password)</span><br></pre></td></tr></table></figure><h2 id="支持的操作"><a href="#支持的操作" class="headerlink" title="支持的操作"></a>支持的操作</h2><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br><span class="line">148</span><br><span class="line">149</span><br><span class="line">150</span><br><span class="line">151</span><br><span class="line">152</span><br><span class="line">153</span><br><span class="line">154</span><br><span class="line">155</span><br><span class="line">156</span><br><span class="line">157</span><br><span class="line">158</span><br><span class="line">159</span><br><span class="line">160</span><br><span class="line">161</span><br><span class="line">162</span><br><span class="line">163</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">[root@controller</span> <span class="string">~]#</span> <span class="string">virsh</span> <span class="string">qemu-agent-command</span> <span class="string">instance-00000841</span> <span class="bullet">--pretty</span> <span class="string">'{"execute":"guest-info"}'</span> </span><br><span class="line"><span class="string">{</span></span><br><span class="line"><span class="attr"> "return":</span> <span class="string">{</span></span><br><span class="line"><span class="attr"> "version":</span> <span class="string">"2.8.0"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "supported_commands":</span> <span class="string">[</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-sync-delimited"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-sync"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-suspend-ram"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">false</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-suspend-hybrid"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">false</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-suspend-disk"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">false</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-shutdown"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">false</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-set-vcpus"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-set-user-password"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-set-time"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-set-memory-blocks"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-ping"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-network-get-interfaces"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-info"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-get-vcpus"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-get-time"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-get-memory-blocks"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-get-memory-block-info"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-get-fsinfo"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-fstrim"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-fsfreeze-thaw"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-fsfreeze-status"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-fsfreeze-freeze-list"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">true</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-fsfreeze-freeze"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-write"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-seek"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-read"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-open"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-flush"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-file-close"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-exec-status"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">},</span></span><br><span class="line"> <span class="string">{</span></span><br><span class="line"><span class="attr"> "enabled":</span> <span class="literal">false</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "name":</span> <span class="string">"guest-exec"</span><span class="string">,</span></span><br><span class="line"><span class="attr"> "success-response":</span> <span class="literal">true</span></span><br><span class="line"> <span class="string">}</span></span><br><span class="line"> <span class="string">]</span></span><br><span class="line"> <span class="string">}</span></span><br><span class="line"><span class="string">}</span></span><br></pre></td></tr></table></figure><h2 id="执行任意命令"><a href="#执行任意命令" class="headerlink" title="执行任意命令"></a>执行任意命令</h2><p>目前官方支持的接口有查看时间、ping、读写文件、freeze、thaw、设置时间等。如果想自主执行一些脚本或者命令,可以很tricky地利用thaw这个接口</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/qemu/fsfreeze-hook.d/foo.sh</span><br><span class="line"></span><br><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">case</span> <span class="string">"<span class="variable">$1</span>"</span> <span class="keyword">in</span></span><br><span class="line"> freeze)</span><br><span class="line"> <span class="built_in">echo</span> <span class="string">"I'm frozen"</span> > /tmp/freeze</span><br><span class="line"> ;;</span><br><span class="line"> thaw)</span><br><span class="line"> bash /etc/qemu/script.sh 2>/etc/qemu/2 1>/etc/qemu/1</span><br><span class="line"> <span class="built_in">echo</span> <span class="string">"I'm thawed"</span> >> /tmp/freeze</span><br><span class="line"> ;;</span><br><span class="line"> *)</span><br><span class="line"> <span class="built_in">exit</span> 1</span><br><span class="line"> ;;</span><br><span class="line"><span class="keyword">esac</span></span><br></pre></td></tr></table></figure><p>这样每次先用qemu-agent-command中的文件读写命令把想要执行的命令写入到/etc/qemu/script.sh然后再运行thaw命令</p><figure class="highlight smali"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">sudo virsh qemu-agent-command<span class="built_in"> instance-00000008 </span>'{<span class="string">"execute"</span>:<span class="string">"guest-fsfreeze-thaw"</span>}'</span><br><span class="line">就相当于执行了bash /etc/qemu/script.sh</span><br></pre></td></tr></table></figure><figure class="highlight subunit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# virsh qemu-agent-command instance<span class="string">-00000841</span> '{"execute": "guest-get-mem-usage"}' </span><br><span class="line"><span class="keyword">error: </span>Guest agent is not responding: QEMU guest agent is not connected</span><br><span class="line"></span><br><span class="line">[root@controller ~]# virsh qemu-agent-command instance<span class="string">-00000841</span> '{"execute": "guest-get-mem-usage"}'</span><br><span class="line"><span class="keyword">error: </span>internal error: unable to execute QEMU agent command 'guest-get-mem-usage': The command guest-get-mem-usage has not been found</span><br></pre></td></tr></table></figure><h3 id="添加命令,修改srpm包"><a href="#添加命令,修改srpm包" class="headerlink" title="添加命令,修改srpm包"></a>添加命令,修改srpm包</h3><p>定制qga命令本质是基于QAPI框架实现QMP命令。</p><p>步骤1 : 在qapi schema(qapi模式)文件中添加命令的声明<br>步骤2 : 在相应C源码文件中用C实现命令<br>步骤3 : 测试命令是否正常</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 安装rpmbuild</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> yum install rpm-build redhat-rpm-config gcc make -y</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 下载源码包</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> wget http://vault.centos.org/7.4.1708/os/Source/SPackages/qemu-guest-agent-2.3.0-4.el7.src.rpm</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装src,会在当前目录下生成rpmbuild目录</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rpm -i qemu-guest-agent-2.3.0-4.el7.src.rpm </span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> ls rpmbuild/</span></span><br><span class="line">BUILD BUILDROOT RPMS SOURCES SPECS SRPMS</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 进入SOURCES,解压qemu-2.3.0.tar.bz2</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> tar xvf qemu-2.3.0.tar.bz2</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 修改内容(也可以通过patch方式修改)</span></span><br><span class="line">。。。</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 删除源压缩包,并重新生成</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rm -f qemu-2.3.0.tar.bz2</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> tar cvf qemu-2.3.0.tar.bz2 qemu-2.3.0</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 进入SPECS目录,重新生成rpm包</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rpmbuild命令基于.spec文件和源码tar.gz及patch文件生成src.rpm和rpm包。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rpmbuild -ba qemu-guest-agent.spec</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 重新安装</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rpm -ivh RPMS/x86_64/qemu-guest-agent-2.3.0-4.el7.centos.x86_64.rpm </span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在宿主机上测试</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> virsh qemu-agent-command instance-00000841 <span class="string">'{"execute":"guest-info"}'</span></span></span><br></pre></td></tr></table></figure><p>参考资料:<br><a href="https://blog.csdn.net/cugb1004101218/article/details/49785859" target="_blank" rel="external">https://blog.csdn.net/cugb1004101218/article/details/49785859</a><br><a href="https://blog.csdn.net/dwdwdw2/article/details/79313684" target="_blank" rel="external">https://blog.csdn.net/dwdwdw2/article/details/79313684</a><br><a href="https://wiki.qemu.org/Hosts/Linux" target="_blank" rel="external">https://wiki.qemu.org/Hosts/Linux</a></p><p>yum install rpm-build redhat-rpm-config gcc make<br>rpm -i /tmp/mypackage-1.0.0-1.src.rpm<br>cd ~/rpmbuild/SPECS<br>rpmbuild -ba mypackage.spec</p><p>rpmbuild命令基于.spec文件和源码tar.gz及patch文件生成src.rpm和rpm包。</p><p>要修改~/rpmbuild/SOURCES/目录下的文件:<br>1,你可以重新打包 ~/rpmbuild/SOURCES/目录下的tar.gz源文件。</p><p>2,你可以修改.spec文件,增加或者减少对patch的应用。</p><p>3,推荐你修改.spec的Release: 8%{?dist} 宏,增加它的数值。<br>这样,你生成的rpm包和src.rpm包的小版本号就比原始的rpm包要高,从而你可以使用<br>sudo rpm -U ../RPMS/x86_64/bzip2-1.0.5-8.el6.x86_64.rpm<br> 这样的命令来升级rpm包。如果你不把Release数字改大,则你必须首先卸载已经安装的rpm包,<br>然后才能重新安装我们新生成的rpm包。 </p>]]></content>
<summary type="html">
<h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p>Qemu-guest-agent是一个运行在虚拟机内部的普通应用程序,其目的是实现一种宿主机和虚拟机进行交互的方式,这种方式不依赖于网络,而是依赖于virtio-serial(默认首选方式)或者isa-serial,而QEMU则提供了串口设备的模拟及数据交换的通道,最终呈现出来的是一个串口设备(虚拟机内部)和一个unix socket文件(宿主机上)。</p>
<p>qemu-guest-agent通过读写串口设备与宿主机上的socket通道进行交互,宿主机上可以使用普通的unix socket读写方式对socket文件进行读写,最终实现与qga的交互,交互的协议与qmp(QEMU Monitor Protocol)相同(简单来说就是使用JSON格式进行数据交换),串口设备的速率通常都较低,所以比较适合小数据量的交换。</p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="python" scheme="http://pystack.org/tags/python/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="nova" scheme="http://pystack.org/tags/nova/"/>
<category term="libvirt" scheme="http://pystack.org/tags/libvirt/"/>
<category term="qemu-guest-agent" scheme="http://pystack.org/tags/qemu-guest-agent/"/>
</entry>
<entry>
<title>Openstack多区域</title>
<link href="http://pystack.org/2018/04/01/openstack-multi-region/"/>
<id>http://pystack.org/2018/04/01/openstack-multi-region/</id>
<published>2018-04-01T15:30:12.000Z</published>
<updated>2018-05-03T06:01:54.985Z</updated>
<content type="html"><![CDATA[<h2 id="多区域架构"><a href="#多区域架构" class="headerlink" title="多区域架构"></a>多区域架构</h2><p><img src="/assets/img/openstack-multi-region.jpg" alt=""></p><a id="more"></a><h2 id="配置多区域"><a href="#配置多区域" class="headerlink" title="配置多区域"></a>配置多区域</h2><ol><li>添加endpoint</li></ol><figure class="highlight x86asm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">openstack endpoint create --region RegionTwo compute <span class="meta">public</span> http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8774</span>/v2<span class="meta">.1</span></span><br><span class="line">openstack endpoint create --region RegionTwo compute internal http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8774</span>/v2<span class="meta">.1</span></span><br><span class="line">openstack endpoint create --region RegionTwo compute admin http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8774</span>/v2<span class="meta">.1</span></span><br><span class="line"></span><br><span class="line">openstack endpoint create --region RegionTwo placement <span class="meta">public</span> http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8778</span></span><br><span class="line">openstack endpoint create --region RegionTwo placement internal http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8778</span></span><br><span class="line">openstack endpoint create --region RegionTwo placement admin http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">8778</span></span><br><span class="line"></span><br><span class="line">openstack endpoint create --region RegionTwo image <span class="meta">public</span> http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9292</span></span><br><span class="line">openstack endpoint create --region RegionTwo image internal http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9292</span></span><br><span class="line">openstack endpoint create --region RegionTwo image admin http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9292</span></span><br><span class="line"></span><br><span class="line">openstack endpoint create --region RegionTwo network <span class="meta">public</span> http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9696</span></span><br><span class="line">openstack endpoint create --region RegionTwo network internal http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9696</span></span><br><span class="line">openstack endpoint create --region RegionTwo network admin http://<span class="number">10.99</span><span class="meta">.99</span><span class="meta">.215</span>:<span class="number">9696</span></span><br></pre></td></tr></table></figure><ol><li>修改dashboard配置</li></ol><figure class="highlight 1c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/openstack-dashboard/local_settings.py</span><br><span class="line"></span><br><span class="line">AVAILABLE_REGIONS = [ </span><br><span class="line"> ('http://10.99.99.214:<span class="number">5000</span>/v2.0', 'RegionOne'),</span><br><span class="line"> ('http://10.99.99.215:<span class="number">5000</span>/v2.0', 'RegionTwo'),</span><br><span class="line">]</span><br></pre></td></tr></table></figure><hr><h3 id="共用-RegionOne-上的-keystone"><a href="#共用-RegionOne-上的-keystone" class="headerlink" title="共用 RegionOne 上的 keystone"></a>共用 RegionOne 上的 keystone</h3><p>添加RegionTwo的keystone endpoint,地址为RegionOne的地址</p><figure class="highlight groovy"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">openstack endpoint create --region RegionTwo keystone <span class="keyword">public</span> <span class="string">http:</span><span class="comment">//10.99.99.214:5000/v3/ </span></span><br><span class="line">openstack endpoint create --region RegionTwo keystone internal <span class="string">http:</span><span class="comment">//10.99.99.214:5000/v3/ </span></span><br><span class="line">openstack endpoint create --region RegionTwo keystone admin <span class="string">http:</span><span class="comment">//10.99.99.214:35357/v3/</span></span><br></pre></td></tr></table></figure><p>修改RegionTwo上的配置(glance、nova、neutron等涉及到keystone的地方)</p><figure class="highlight makefile"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">[keystone_authtoken]</span><br><span class="line">region_name=RegionTwo</span><br><span class="line">auth_uri = http://10.99.99.214:5000</span><br><span class="line">auth_url = http://10.99.99.214:35357</span><br><span class="line">...</span><br><span class="line"></span><br><span class="line">[neutron]</span><br><span class="line">...</span><br><span class="line">auth_url = http://10.99.99.214:35357</span><br><span class="line">...</span><br><span class="line">region_name = RegionTwo</span><br><span class="line">...</span><br><span class="line"></span><br><span class="line">[nova]</span><br><span class="line">...</span><br><span class="line">auth_url = http://10.99.99.214:35357</span><br><span class="line">...</span><br><span class="line">region_name = RegionTwo</span><br><span class="line">...</span><br><span class="line"></span><br><span class="line">[placement]</span><br><span class="line">os_region_name = RegionTwo</span><br><span class="line">...</span><br><span class="line">auth_url = http://10.99.99.214:35357</span><br><span class="line">...</span><br></pre></td></tr></table></figure><p>停止RegionTwo上的httpd、keystone服务</p>]]></content>
<summary type="html">
<h2 id="多区域架构"><a href="#多区域架构" class="headerlink" title="多区域架构"></a>多区域架构</h2><p><img src="/assets/img/openstack-multi-region.jpg" alt=""></p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="region" scheme="http://pystack.org/tags/region/"/>
</entry>
<entry>
<title>Too many open files</title>
<link href="http://pystack.org/2018/03/25/too-many-open-files/"/>
<id>http://pystack.org/2018/03/25/too-many-open-files/</id>
<published>2018-03-25T10:39:24.000Z</published>
<updated>2018-07-17T08:40:16.094Z</updated>
<content type="html"><![CDATA[<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>当容器创建过多的时候,rabbitmq等服务都会提示too many files open</p><figure class="highlight ldif"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">dnsmasq[18612]</span>: failed to create inotify: Too many open files</span><br></pre></td></tr></table></figure><p><strong>编辑文件/etc/pam.d/login, 添加</strong></p><figure class="highlight css"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="selector-tag">session</span> <span class="selector-tag">required</span> <span class="selector-tag">pam_limits</span><span class="selector-class">.so</span></span><br></pre></td></tr></table></figure><a id="more"></a><p><strong>配置/etc/security/limits.conf文件</strong></p><figure class="highlight asciidoc"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="bullet">* </span>soft nproc 2047</span><br><span class="line"><span class="bullet">* </span>hard nproc 16384</span><br><span class="line"><span class="bullet">* </span>soft nofile 65536</span><br><span class="line"><span class="bullet">* </span>hard nofile 200000</span><br></pre></td></tr></table></figure><ul><li>代表针对所有用户,</li><li>nproc是代表最大进程数,</li><li>nofile 是代表最大文件打开数</li><li>A hard limit can only be raised by root</li><li>A soft limit can be changed by the process at any time </li></ul><p><strong>单个用户使用epoll的文件描述符上限</strong></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> cat /proc/sys/fs/inotify/max_user_instances</span></span><br><span class="line">128</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> <span class="built_in">echo</span> 20480 > /proc/sys/fs/inotify/max_user_instances</span></span><br></pre></td></tr></table></figure><p><strong>单个用户使用epoll进行watch的文件描述符上限</strong></p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> cat /proc/sys/fs/inotify/max_user_watches</span></span><br><span class="line">8192</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> <span class="built_in">echo</span> 40960 > /proc/sys/fs/inotify/max_user_watches</span></span><br></pre></td></tr></table></figure><p>或者修改文件</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># vim /etc/sysctl.conf </span></span><br><span class="line">fs.inotify.<span class="attribute">max_user_instances</span>=20480</span><br><span class="line">fs.inotify.<span class="attribute">max_user_watches</span>=40960</span><br></pre></td></tr></table></figure><p>参考文档: </p><p><a href="https://jhutar.blogspot.cz/2017/12/error-too-many-open-files-when-inside.html" target="_blank" rel="external">https://jhutar.blogspot.cz/2017/12/error-too-many-open-files-when-inside.html</a></p><p><a href="https://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/" target="_blank" rel="external">https://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/</a></p><hr><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">controller dnsmasq-dhcp[4479]: DHCPDISCOVER(ns-05c5dc4c-59) 0c:c4:7a:29:8b:24 <span class="literal">no</span><span class="built_in"> address </span>available</span><br></pre></td></tr></table></figure><hr><h3 id="修改连接释放机制,防止timewait数过多"><a href="#修改连接释放机制,防止timewait数过多" class="headerlink" title="修改连接释放机制,防止timewait数过多"></a>修改连接释放机制,防止timewait数过多</h3><figure class="highlight nix"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># vim /etc/sysctl.conf</span></span><br><span class="line">net.ipv4.<span class="attr">tcp_syncookies</span> = <span class="number">1</span></span><br><span class="line">net.ipv4.<span class="attr">tcp_tw_reuse</span> = <span class="number">1</span></span><br><span class="line">net.ipv4.<span class="attr">tcp_tw_recycle</span> = <span class="number">1</span></span><br><span class="line">net.ipv4.<span class="attr">tcp_fin_timeout</span> = <span class="number">30</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># sysctl -p</span></span><br></pre></td></tr></table></figure><hr><p>查看进程打开的文件数,发现rabbitmq、mysql打开的文件数比较多。</p><figure class="highlight tap"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]<span class="comment"># ulimit -n</span></span><br><span class="line">65536</span><br><span class="line">[root@controller ~]<span class="comment"># cat /proc/sys/fs/file-nr</span></span><br><span class="line">17520 <span class="number"> 0 </span> 13061516</span><br><span class="line">[root@controller ~]<span class="comment"># lsof |wc -l</span></span><br><span class="line"><span class="number"> 456912 </span>19579</span><br><span class="line"> <span class="number"> 95060 </span>19267</span><br><span class="line"> <span class="number"> 9432 </span>34579</span><br><span class="line"> <span class="number"> 8375 </span>2479</span><br><span class="line"> <span class="number"> 4368 </span>26765</span><br><span class="line"> <span class="number"> 4368 </span>23338</span><br><span class="line"> <span class="number"> 4136 </span>21520</span><br><span class="line"> <span class="number"> 3570 </span>23532</span><br><span class="line"> <span class="number"> 2888 </span>2490</span><br><span class="line"> <span class="number"> 2691 </span>23454</span><br><span class="line"> <span class="number"> 2499 </span>21502</span><br><span class="line"> <span class="number"> 2070 </span>23195</span><br><span class="line"> <span class="number"> 1890 </span>5015</span><br><span class="line"> <span class="number"> 1890 </span>26681</span><br><span class="line"> <span class="number"> 1881 </span>6681</span><br><span class="line"> <span class="number"> 1690 </span>11867</span><br><span class="line"> <span class="number"> 1672 </span>6830</span><br><span class="line"> <span class="number"> 1608 </span>1323</span><br><span class="line"> <span class="number"> 1512 </span>27653</span><br><span class="line"></span><br><span class="line">[root@controller ~]<span class="comment"># ps -ef | grep 19579</span></span><br><span class="line">rabbitmq<span class="number"> 19579 </span> <span class="number"> 1 </span>21 Jul10 ? 1-11:20:03 /usr/lib64/erlang/erts-8.3.5.3/bin/beam.smp -W w -A<span class="number"> 640 </span>-P<span class="number"> 1048576 </span>-t<span class="number"> 5000000 </span>-stbt db -K true -- -root /usr/lib64/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/ebin -noshell -noinput -s rabbit boot -sname rabbit@controller -boot start_sasl -config /etc/rabbitmq/rabbitmq -kernel inet_default_connect_options [{nodelay,true}] -sasl errlog_type error -sasl sasl_error_logger false -rabbit error_logger {file,"/var/log/rabbitmq/[email protected]"} -rabbit sasl_error_logger {file,"/var/log/rabbitmq/[email protected]"} -rabbit enabled_plugins_file "/etc/rabbitmq/enabled_plugins" -rabbit plugins_dir "/usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/plugins" -rabbit plugins_expand_dir "/var/lib/rabbitmq/mnesia/rabbit@controller-plugins-expand" -os_mon start_cpu_sup false -os_mon start_disksup false -os_mon start_memsup false -mnesia dir "/var/lib/rabbitmq/mnesia/rabbit@controller" -kernel inet_dist_listen_min<span class="number"> 25672 </span>-kernel inet_dist_listen_max 25672</span><br><span class="line">rabbitmq<span class="number"> 20451 </span>19579 <span class="number"> 0 </span>Jul10 ? 00:00:12 erl_child_setup 200000</span><br><span class="line">root <span class="number"> 37443 </span>27135 <span class="number"> 0 </span>16:32 pts/16 00:00:00 grep --color=auto 19579</span><br><span class="line">[root@controller ~]<span class="comment"># ps -ef | grep 19267</span></span><br><span class="line">mysql <span class="number"> 19267 </span> <span class="number"> 1 </span><span class="number"> 1 </span>Jul10 ? 01:40:29 /usr/libexec/mysqld --basedir=/usr</span><br><span class="line">root <span class="number"> 37614 </span>27135 <span class="number"> 0 </span>16:32 pts/16 00:00:00 grep --color=auto 19267</span><br></pre></td></tr></table></figure><hr>]]></content>
<summary type="html">
<h2 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h2><p>当容器创建过多的时候,rabbitmq等服务都会提示too many files open</p>
<figure class="highlight ldif"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">dnsmasq[18612]</span>: failed to create inotify: Too many open files</span><br></pre></td></tr></table></figure>
<p><strong>编辑文件/etc/pam.d/login, 添加</strong></p>
<figure class="highlight css"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="selector-tag">session</span> <span class="selector-tag">required</span> <span class="selector-tag">pam_limits</span><span class="selector-class">.so</span></span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="zun" scheme="http://pystack.org/tags/zun/"/>
<category term="centos" scheme="http://pystack.org/tags/centos/"/>
<category term="docker" scheme="http://pystack.org/tags/docker/"/>
</entry>
<entry>
<title>清理Docker资源</title>
<link href="http://pystack.org/2018/03/24/docker-prune/"/>
<id>http://pystack.org/2018/03/24/docker-prune/</id>
<published>2018-03-24T08:39:24.000Z</published>
<updated>2018-05-22T11:26:20.327Z</updated>
<content type="html"><![CDATA[<p>Docker takes a conservative(保守的) approach(方法) to cleaning up unused objects(对象) (often referred to(被叫做) as “garbage collection”(垃圾回收)), such as images, containers, volumes, and networks: these objects are generally(通常) not removed unless you explicitly(明确) ask(要求) Docker to do so. This can cause Docker to use extra(额外) disk space. For each type of object, Docker provides a prune command. In addition(此外), you can use docker system prune to clean up multiple types of objects at once. </p><a id="more"></a><h3 id="清理镜像"><a href="#清理镜像" class="headerlink" title="清理镜像"></a>清理镜像</h3><figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># docker image prune -a </span></span><br><span class="line">WARNING! This will remove all images <span class="keyword">without</span> <span class="keyword">at</span> least one container associated <span class="keyword">to</span> them. Are you sure you want <span class="keyword">to</span> <span class="keyword">continue</span>? [y/N]</span><br></pre></td></tr></table></figure><p>-a 表示删除所有未被容器引用的镜像</p><p>默认会有确认提示,使用 -f 或者 –force 可以强制删除</p><p>默认会删除掉所有没有tag或者未被容器引用的镜像,也可以使用 –filter 来过滤要删除的镜像。例如要删除大于24小时的镜像:</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ docker image prune -<span class="selector-tag">a</span> --<span class="attribute">filter</span> <span class="string">"until=24h"</span></span><br></pre></td></tr></table></figure><h3 id="清理容器"><a href="#清理容器" class="headerlink" title="清理容器"></a>清理容器</h3><p>如果加上 –rm 标志,容器在stop的时候就会自动删除,没有这个标志的依然会占用磁盘空间。</p><figure class="highlight fortran"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># docker container prune </span><br><span class="line">WARNING<span class="comment">! This will remove all stopped containers. Are you sure you want to continue? [y/N]</span></span><br></pre></td></tr></table></figure><h3 id="清理卷"><a href="#清理卷" class="headerlink" title="清理卷"></a>清理卷</h3><p>卷可以被一个或多个容器使用,删除容器的时候并不能自动删除卷。</p><figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># docker volume prune </span></span><br><span class="line">WARNING! This will remove all volumes <span class="keyword">not</span> used <span class="keyword">by</span> <span class="keyword">at</span> least one container. Are you sure you want <span class="keyword">to</span> <span class="keyword">continue</span>? [y/N]</span><br></pre></td></tr></table></figure><h3 id="清理网络"><a href="#清理网络" class="headerlink" title="清理网络"></a>清理网络</h3><p>docker网络虽然不占多少磁盘空间,但是会创建iptables规则,linux网络设备,路由表。</p><figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># docker network prune </span></span><br><span class="line">WArNING! This will remove all networks <span class="keyword">not</span> used <span class="keyword">by</span> <span class="keyword">at</span> least one container. Are you sure you want <span class="keyword">to</span> <span class="keyword">continue</span>? [y/N]</span><br><span class="line"></span><br><span class="line"><span class="comment"># docker network prune -f </span></span><br><span class="line"><span class="comment"># docker network prune -f --filter "until=24h"</span></span><br></pre></td></tr></table></figure><h3 id="清理所有对象"><a href="#清理所有对象" class="headerlink" title="清理所有对象"></a>清理所有对象</h3><p>该命令会同时删除镜像、容器、卷、网络( <= 17.06.0, 大于 17.06.1 版本的需要添加–volumes参数才能删除卷)</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"># docker system prune</span><br><span class="line">WARNING! This will remove:</span><br><span class="line"> -<span class="ruby"> all stopped containers</span></span><br><span class="line"><span class="ruby"> - all networks <span class="keyword">not</span> used by at least one container</span></span><br><span class="line"><span class="ruby"> - all dangling images</span></span><br><span class="line"><span class="ruby"> - all build cache Are you sure you want to continue? [y/N]</span></span><br><span class="line"><span class="ruby"></span></span><br><span class="line"><span class="ruby"><span class="comment"># docker system prune --volumes </span></span></span><br><span class="line"><span class="ruby">WARNING! This will <span class="symbol">remove:</span></span></span><br><span class="line"><span class="ruby"> - all stopped containers</span></span><br><span class="line"><span class="ruby"> - all networks <span class="keyword">not</span> used by at least one container</span></span><br><span class="line"><span class="ruby"> - all volumes <span class="keyword">not</span> used by at least one container</span></span><br><span class="line"><span class="ruby"> - all dangling images</span></span><br><span class="line"><span class="ruby"> - all build cache Are you sure you want to continue? [y/N]</span></span><br></pre></td></tr></table></figure><hr><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 杀死所有正在运行的容器</span></span><br><span class="line">docker kill $(docker ps -a -q)</span><br><span class="line"></span><br><span class="line"><span class="comment"># 删除所有已经停止的容器</span></span><br><span class="line">docker rm $(docker ps -a -q)</span><br><span class="line"></span><br><span class="line"><span class="comment"># 删除所有未打 dangling 标签的镜像</span></span><br><span class="line">docker rmi $(docker images -q -f <span class="attribute">dangling</span>=<span class="literal">true</span>)</span><br><span class="line"></span><br><span class="line"><span class="comment"># 删除所有镜像</span></span><br><span class="line">docker rmi $(docker images -q)</span><br><span class="line"></span><br><span class="line"><span class="comment"># Docker提供了docker system prune,可以用于清理dangling镜像(参考What are Docker <none>:<none> images?)和容器,以及失效的数据卷和网络。</span></span><br><span class="line">docker<span class="built_in"> system </span>prune</span><br><span class="line"></span><br><span class="line"><span class="comment"># 这个命令将清理整个系统,并且只会保留真正在使用的镜像,容器,数据卷以及网络</span></span><br><span class="line">docker<span class="built_in"> system </span>prune -a</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<p>Docker takes a conservative(保守的) approach(方法) to cleaning up unused objects(对象) (often referred to(被叫做) as “garbage collection”(垃圾回收)), such as images, containers, volumes, and networks: these objects are generally(通常) not removed unless you explicitly(明确) ask(要求) Docker to do so. This can cause Docker to use extra(额外) disk space. For each type of object, Docker provides a prune command. In addition(此外), you can use docker system prune to clean up multiple types of objects at once. </p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="zun" scheme="http://pystack.org/tags/zun/"/>
<category term="centos" scheme="http://pystack.org/tags/centos/"/>
<category term="docker" scheme="http://pystack.org/tags/docker/"/>
</entry>
<entry>
<title>SSH常用命令</title>
<link href="http://pystack.org/2018/03/02/ssh-notes/"/>
<id>http://pystack.org/2018/03/02/ssh-notes/</id>
<published>2018-03-02T10:59:24.000Z</published>
<updated>2018-05-22T11:48:33.401Z</updated>
<content type="html"><![CDATA[<h3 id="SSH-Allow-Password-For-One-User-Rest-Only-Allow-Public-Keys"><a href="#SSH-Allow-Password-For-One-User-Rest-Only-Allow-Public-Keys" class="headerlink" title="SSH Allow Password For One User, Rest Only Allow Public Keys"></a>SSH Allow Password For One User, Rest Only Allow Public Keys</h3><p>adding the following to your sshd_config should do the trick:</p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">Match</span> User bob,joe,phil</span><br><span class="line"> PasswordAuthentication <span class="literal">yes</span></span><br><span class="line"> AllowTCPForwarding <span class="literal">yes</span></span><br><span class="line"> ForceCommand /bin/echo <span class="string">'We talked about this guys. No SSH for you!'</span></span><br></pre></td></tr></table></figure><a id="more"></a><h3 id="ssh-breaks-out-of-while-loop-in-bash"><a href="#ssh-breaks-out-of-while-loop-in-bash" class="headerlink" title="ssh breaks out of while-loop in bash"></a>ssh breaks out of while-loop in bash</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">for</span> i <span class="keyword">in</span> `find devel/ -newer <span class="variable">$UPLOAD_FILE</span>`</span><br><span class="line"><span class="keyword">do</span></span><br><span class="line"> <span class="built_in">echo</span> <span class="string">"Upload:"</span> <span class="variable">$i</span></span><br><span class="line"> ssh <span class="variable">$USER</span>@<span class="variable">$SERVER</span> <span class="string">"cd <span class="variable">${REMOTE_PATH}</span>; mkdir -p <span class="variable">$i</span>"</span></span><br><span class="line"><span class="keyword">done</span></span><br></pre></td></tr></table></figure><p>the ssh-command breaks out of the while-loop, therefore the first missing directory is created fine, but all subsequent missing files/directories are ignored.</p><p>The problem is that ssh reads from standard input, therefore it eats all your remaining lines. You can just connect its standard input to nowhere:</p><figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">ssh</span> <span class="variable">$USER</span>@<span class="variable">$SERVER</span> <span class="string">"cd <span class="variable">${REMOTE_PATH}</span>; mkdir -p <span class="variable">$i</span>"</span> < /dev/null</span><br></pre></td></tr></table></figure><p>You can also use ssh -n instead of the redirection.</p><h3 id="SSH-端口转发"><a href="#SSH-端口转发" class="headerlink" title="SSH 端口转发"></a>SSH 端口转发</h3><figure class="highlight x86asm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">1</span>.本地转发</span><br><span class="line">A(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.55</span>)----|----B(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.66</span>)-----C(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.77</span>)</span><br><span class="line">在A上配置</span><br><span class="line">ssh -L <span class="number">9527</span>:<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.77</span>:<span class="number">23</span> -fN <span class="number">192.168</span><span class="meta">.191</span><span class="meta">.66</span></span><br><span class="line"></span><br><span class="line"><span class="number">2</span>.远程转发</span><br><span class="line">A(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.55</span>)----|----B(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.66</span>)-----C(<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.77</span>)</span><br><span class="line">在B上配置</span><br><span class="line">ssh -R <span class="number">9527</span>:<span class="number">192.168</span><span class="meta">.191</span><span class="meta">.77</span>:<span class="number">23</span> -fN <span class="number">192.168</span><span class="meta">.191</span><span class="meta">.55</span></span><br></pre></td></tr></table></figure><p>-C:压缩数据传输。<br>-f:表示SSH连接成功后,转入后台运行。这样一来,你就可以在不中断SSH连接的情况下,在本地shell中执行其他操作。要关闭这个后台连接,就只有用kill命令去杀掉进程。<br>-g:在-L/-R/-D参数中,允许远程主机连接到建立的转发的端口,如果不加这个参数,只允许本地主机建立连接。<br>-L: 本地端口:目标IP:目标端口<br>-N:参数,表示只连接远程主机,不打开远程shell; -T:参数,表示不为这个连接分配TTY。这个两个参数可以放在一起用,代表这个SSH连接只用来传数据,不执行远程操作。</p>]]></content>
<summary type="html">
<h3 id="SSH-Allow-Password-For-One-User-Rest-Only-Allow-Public-Keys"><a href="#SSH-Allow-Password-For-One-User-Rest-Only-Allow-Public-Keys" class="headerlink" title="SSH Allow Password For One User, Rest Only Allow Public Keys"></a>SSH Allow Password For One User, Rest Only Allow Public Keys</h3><p>adding the following to your sshd_config should do the trick:</p>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">Match</span> User bob,joe,phil</span><br><span class="line"> PasswordAuthentication <span class="literal">yes</span></span><br><span class="line"> AllowTCPForwarding <span class="literal">yes</span></span><br><span class="line"> ForceCommand /bin/echo <span class="string">'We talked about this guys. No SSH for you!'</span></span><br></pre></td></tr></table></figure>
</summary>
<category term="Linux" scheme="http://pystack.org/categories/Linux/"/>
<category term="linux" scheme="http://pystack.org/tags/linux/"/>
<category term="ssh" scheme="http://pystack.org/tags/ssh/"/>
</entry>
<entry>
<title>Neutron Fwaas V2 版配置</title>
<link href="http://pystack.org/2018/02/22/configure-neutron-fwaas-v2/"/>
<id>http://pystack.org/2018/02/22/configure-neutron-fwaas-v2/</id>
<published>2018-02-22T06:22:22.000Z</published>
<updated>2018-03-29T06:31:16.647Z</updated>
<content type="html"><![CDATA[<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>安装官网的文档配置fwaas v2后,创建防火墙组的时候,如果选择防火墙策略和路由器端口,防火墙的状态一直是Pengding Create,这时候删除的话也无法删除,状态变为Pending Update。</p><p>创建时只选择防火墙策略或者端口是能创建成功的,创建后的状态也是active的,再添加策略或端口,状态就会像上面的一样一直是Pending Update,后台也没有什么报错信息。</p><a id="more"></a><h2 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h2><p>官方的文档配置有点问题,只需要修改一下配置即可:</p><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[AGENT]</span></span><br><span class="line"><span class="attr">extensions</span> = fwaas_v2</span><br><span class="line"></span><br><span class="line"><span class="section">[fwaas]</span></span><br><span class="line"><span class="attr">driver</span> = iptables_v2 </span><br><span class="line"><span class="attr">agent_version</span> = v2</span><br></pre></td></tr></table></figure><p>官网配置文档: <a href="https://docs.openstack.org/newton/networking-guide/fwaas-v2-scenario.html" target="_blank" rel="external">https://docs.openstack.org/newton/networking-guide/fwaas-v2-scenario.html</a></p><hr><h3 id="安装neutron-fwaas"><a href="#安装neutron-fwaas" class="headerlink" title="安装neutron-fwaas"></a>安装neutron-fwaas</h3><figure class="highlight cmake"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install</span> openstack-neutron-fwaas python-neutron-fwaas</span><br></pre></td></tr></table></figure><h3 id="安装neutron-fwaas-dashboard"><a href="#安装neutron-fwaas-dashboard" class="headerlink" title="安装neutron-fwaas-dashboard"></a>安装neutron-fwaas-dashboard</h3><figure class="highlight awk"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">https:<span class="regexp">//gi</span>thub.com<span class="regexp">/openstack/</span>neutron-fwaas-dashboard</span><br></pre></td></tr></table></figure><hr><h2 id="错误:-Could-not-load-‘fwaas-v2’-Can’t-instantiate-abstract-class-L3WithFWaas-with-abstract-methods-ha-satae-change"><a href="#错误:-Could-not-load-‘fwaas-v2’-Can’t-instantiate-abstract-class-L3WithFWaas-with-abstract-methods-ha-satae-change" class="headerlink" title="错误: Could not load ‘fwaas_v2’ : Can’t instantiate abstract class L3WithFWaas with abstract methods ha_satae_change"></a>错误: Could not load ‘fwaas_v2’ : Can’t instantiate abstract class L3WithFWaas with abstract methods ha_satae_change</h2><figure class="highlight crystal"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /usr/<span class="class"><span class="keyword">lib</span>/<span class="title">python2</span>.7/<span class="title">site</span>-<span class="title">packages</span>/<span class="title">neutron_fwaas</span>/<span class="title">services</span>/<span class="title">firewall</span>/<span class="title">agents</span>/<span class="title">l3reference</span>/<span class="title">firewall_l3_agent_v2</span>.<span class="title">py</span></span></span><br><span class="line"></span><br><span class="line">在FWaaSL3AgentExtension类里面添加ha_state_change方法</span><br><span class="line"></span><br><span class="line"> <span class="function"><span class="keyword">def</span> <span class="title">ha_state_change</span></span>(<span class="keyword">self</span>, context, data):</span><br><span class="line"> pass</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>安装官网的文档配置fwaas v2后,创建防火墙组的时候,如果选择防火墙策略和路由器端口,防火墙的状态一直是Pengding Create,这时候删除的话也无法删除,状态变为Pending Update。</p>
<p>创建时只选择防火墙策略或者端口是能创建成功的,创建后的状态也是active的,再添加策略或端口,状态就会像上面的一样一直是Pending Update,后台也没有什么报错信息。</p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="neutron" scheme="http://pystack.org/tags/neutron/"/>
<category term="fwaas" scheme="http://pystack.org/tags/fwaas/"/>
</entry>
<entry>
<title>Add lock for memcache</title>
<link href="http://pystack.org/2018/01/16/add-lock-for-memcache/"/>
<id>http://pystack.org/2018/01/16/add-lock-for-memcache/</id>
<published>2018-01-16T06:48:35.000Z</published>
<updated>2018-01-19T06:17:33.590Z</updated>
<content type="html"><![CDATA[<h2 id="说明"><a href="#说明" class="headerlink" title="说明"></a>说明</h2><p>项目有一个需求,需要在多线程并发的情况下实现对memcache的读写,这就需要实现一个类似数据库锁的功能,在访问memcache的时候加锁,结束后释放。</p><a id="more"></a><h2 id="代码"><a href="#代码" class="headerlink" title="代码"></a>代码</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> time</span><br><span class="line"><span class="keyword">import</span> logging</span><br><span class="line"><span class="keyword">import</span> contextlib</span><br><span class="line"><span class="keyword">import</span> random</span><br><span class="line"><span class="keyword">from</span> django.core.cache <span class="keyword">import</span> cache <span class="keyword">as</span> django_cache</span><br><span class="line"></span><br><span class="line"><span class="class"><span class="keyword">class</span> <span class="title">MemcacheLockException</span><span class="params">(Exception)</span>:</span></span><br><span class="line"> <span class="function"><span class="keyword">def</span> <span class="title">__init__</span><span class="params">(self, *args, **kwargs)</span>:</span></span><br><span class="line"> Exception.__init__(self, *args, **kwargs)</span><br><span class="line"></span><br><span class="line"><span class="meta">@contextlib.contextmanager</span></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">memcache_lock</span><span class="params">(key, attempts=<span class="number">1</span>, expires=<span class="number">120</span>)</span>:</span></span><br><span class="line"> key = <span class="string">'__d_lock_%s'</span> % key</span><br><span class="line"></span><br><span class="line"> got_lock = <span class="keyword">False</span></span><br><span class="line"> <span class="keyword">try</span>:</span><br><span class="line"> got_lock = _acquire_lock(key, attempts, expires)</span><br><span class="line"> <span class="keyword">yield</span></span><br><span class="line"> <span class="keyword">finally</span>:</span><br><span class="line"> <span class="keyword">if</span> got_lock:</span><br><span class="line"> _release_lock(key)</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">_acquire_lock</span><span class="params">(key, attempts, expires)</span>:</span></span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> xrange(<span class="number">0</span>, attempts):</span><br><span class="line"> stored = django_cache.add(key, <span class="number">1</span>, expires)</span><br><span class="line"> <span class="keyword">if</span> stored:</span><br><span class="line"> <span class="keyword">return</span> <span class="keyword">True</span></span><br><span class="line"> <span class="keyword">if</span> i != attempts<span class="number">-1</span>:</span><br><span class="line"> sleep_time = random.randint(<span class="number">1</span>, <span class="number">10</span>)/<span class="number">10.0</span></span><br><span class="line"> logging.debug(<span class="string">'Sleeping for %s while trying to acquire key %s'</span>, sleep_time, key)</span><br><span class="line"> time.sleep(sleep_time)</span><br><span class="line"> <span class="keyword">raise</span> MemcacheLockException(<span class="string">'Could not acquire lock for %s'</span> % key)</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">_release_lock</span><span class="params">(key)</span>:</span></span><br><span class="line"> django_cache.delete(key)</span><br></pre></td></tr></table></figure><p>使用:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">try</span>:</span><br><span class="line"> <span class="keyword">with</span> memcache_lock(my_key):</span><br><span class="line"> <span class="comment"># Critical section</span></span><br><span class="line"> <span class="keyword">pass</span></span><br><span class="line"><span class="keyword">except</span> MemcacheLockException:</span><br><span class="line"> <span class="comment"># Never got the lock</span></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h2 id="说明"><a href="#说明" class="headerlink" title="说明"></a>说明</h2><p>项目有一个需求,需要在多线程并发的情况下实现对memcache的读写,这就需要实现一个类似数据库锁的功能,在访问memcache的时候加锁,结束后释放。</p>
</summary>
<category term="Python" scheme="http://pystack.org/categories/Python/"/>
<category term="python" scheme="http://pystack.org/tags/python/"/>
<category term="memcache" scheme="http://pystack.org/tags/memcache/"/>
</entry>
<entry>
<title>配置neutron qos</title>
<link href="http://pystack.org/2017/11/26/enable-neutron-qos/"/>
<id>http://pystack.org/2017/11/26/enable-neutron-qos/</id>
<published>2017-11-26T15:39:24.000Z</published>
<updated>2017-12-06T07:58:48.742Z</updated>
<content type="html"><![CDATA[<h2 id="网络节点"><a href="#网络节点" class="headerlink" title="网络节点:"></a>网络节点:</h2><ol><li>Add the QoS service to the service_plugins setting in /etc/neutron/neutron.conf. For example:</li></ol><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">service_plugins</span> = ... ,qos</span><br></pre></td></tr></table></figure><ol><li>In /etc/neutron/plugins/ml2/ml2_conf.ini, add qos to extension_drivers in the [ml2] section. For example:</li></ol><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[ml2]</span></span><br><span class="line"><span class="attr">extension_drivers</span> = port_security, qos</span><br></pre></td></tr></table></figure><a id="more"></a><ol><li>If the Open vSwitch agent/Linux bridge is being used, set extensions to qos in the [agent] section of /etc/neutron/plugins/ml2/[openvswitch_agent|linuxbridge_agent].ini. For example:</li></ol><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[agent]</span></span><br><span class="line"><span class="attr">extensions</span> = qos</span><br></pre></td></tr></table></figure><h2 id="计算节点"><a href="#计算节点" class="headerlink" title="计算节点:"></a>计算节点:</h2><p>In /etc/neutron/plugins/ml2/[openvswitch_agent|linuxbridge_agent].ini, add qos to the extensions setting in the [agent] section. For example:</p><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[agent]</span></span><br><span class="line"><span class="attr">extensions</span> = qos</span><br></pre></td></tr></table></figure><h2 id="常用命令"><a href="#常用命令" class="headerlink" title="常用命令"></a>常用命令</h2><figure class="highlight gherkin"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 创建qos策略</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron qos-policy-create bw-limiter</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># openstack network qos policy create bw-limiter</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 列出qos策略</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron qos-policy-list</span></span><br><span class="line">neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.</span><br><span class="line">+--------------------------------------+------------+----------------------------------+</span><br><span class="line">|<span class="string"> id </span>|<span class="string"> name </span>|<span class="string"> tenant_id </span>|</span><br><span class="line">+--------------------------------------+------------+----------------------------------+</span><br><span class="line">|<span class="string"> d3499b26-806d-43dd-80f1-68f0787af486 </span>|<span class="string"> bw-limiter </span>|<span class="string"> 08b173e0db2049e59d19bdd0e45f6b36 </span>|</span><br><span class="line">+--------------------------------------+------------+----------------------------------+</span><br><span class="line"></span><br><span class="line"><span class="comment"># 创建带宽限制规则</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron qos-bandwidth-limit-rule-create bw-limiter --max-kbps 3 --max-burst-kbps 3</span></span><br><span class="line"></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># openstack network qos rule create --type bandwidth-limit --max-kbps 3000 --max-burst-kbits 300 --[ingress|egress] bw-limiter </span></span><br><span class="line">+----------------+--------------------------------------+</span><br><span class="line">|<span class="string"> Field </span>|<span class="string"> Value </span>|</span><br><span class="line">+----------------+--------------------------------------+</span><br><span class="line">|<span class="string"> direction </span>|<span class="string"> ingress </span>|</span><br><span class="line">|<span class="string"> id </span>|<span class="string"> c52edb91-73a3-4592-b0f9-f02326ef5748 </span>|</span><br><span class="line">|<span class="string"> max_burst_kbps </span>|<span class="string"> 300 </span>|</span><br><span class="line">|<span class="string"> max_kbps </span>|<span class="string"> 3000 </span>|</span><br><span class="line">|<span class="string"> name </span>|<span class="string"> None </span>|</span><br><span class="line">|<span class="string"> project_id </span>|<span class="string"> </span>|</span><br><span class="line">+----------------+--------------------------------------+</span><br><span class="line"></span><br><span class="line"><span class="comment"># 列出当前qos策略下面的规则</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron qos-bandwidth-limit-rule-list bw-limiter</span></span><br><span class="line">neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.</span><br><span class="line">+-----------+--------------------------------------+----------------+----------+</span><br><span class="line">|<span class="string"> direction </span>|<span class="string"> id </span>|<span class="string"> max_burst_kbps </span>|<span class="string"> max_kbps </span>|</span><br><span class="line">+-----------+--------------------------------------+----------------+----------+</span><br><span class="line">|<span class="string"> ingress </span>|<span class="string"> c52edb91-73a3-4592-b0f9-f02326ef5748 </span>|<span class="string"> 200 </span>|<span class="string"> 200 </span>|</span><br><span class="line">|<span class="string"> egress </span>|<span class="string"> f25ec3ff-ae3b-4c45-9999-471603194a5a </span>|<span class="string"> 1000 </span>|<span class="string"> 1000 </span>|</span><br><span class="line">+-----------+--------------------------------------+----------------+----------+</span><br><span class="line"></span><br><span class="line"><span class="comment"># 更新带宽限制规则</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron qos-bandwidth-limit-rule-update 0379b40f-4b55-49d7-9e32-77a9c3508424 bw-limiter --max-kbps 200 --max-burst-kbps 200</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 为端口设置qos策略</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron port-update b90df288-6239-4a07-ae66-9e67bd4c44b6 --qos-policy bw-limiter</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># openstack port set --qos-policy bw-limiter \</span></span><br><span class="line"> b90df288-6239-4a07-ae66-9e67bd4c44b6</span><br><span class="line"></span><br><span class="line"><span class="comment"># 为整个网络设置qos策略</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron net-update private --qos-policy bw-limiter</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 查看当前端口详情</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron port-show b90df288-6239-4a07-ae66-9e67bd4c44b6</span></span><br><span class="line">neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.</span><br><span class="line">+-----------------------+------------------------------------------------------------------------------------+</span><br><span class="line">|<span class="string"> Field </span>|<span class="string"> Value </span>|</span><br><span class="line">+-----------------------+------------------------------------------------------------------------------------+</span><br><span class="line">|<span class="string"> admin_state_up </span>|<span class="string"> True </span>|</span><br><span class="line">|<span class="string"> allowed_address_pairs </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> binding:host_id </span>|<span class="string"> compute1 </span>|</span><br><span class="line">|<span class="string"> binding:profile </span>|<span class="string"> {} </span>|</span><br><span class="line">|<span class="string"> binding:vif_details </span>|<span class="string"> {"port_filter": true} </span>|</span><br><span class="line">|<span class="string"> binding:vif_type </span>|<span class="string"> bridge </span>|</span><br><span class="line">|<span class="string"> binding:vnic_type </span>|<span class="string"> normal </span>|</span><br><span class="line">|<span class="string"> created_at </span>|<span class="string"> 2017-11-08T02:31:47Z </span>|</span><br><span class="line">|<span class="string"> description </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> device_id </span>|<span class="string"> 880c6c8e-2348-46cf-ba47-5e1916d5843b </span>|</span><br><span class="line">|<span class="string"> device_owner </span>|<span class="string"> compute:nova </span>|</span><br><span class="line">|<span class="string"> extra_dhcp_opts </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> fixed_ips </span>|<span class="string"> {"subnet_id": "d3e38396-6227-4514-b56b-539ff61888f7", "ip_address": "192.168.1.8"} </span>|</span><br><span class="line">|<span class="string"> id </span>|<span class="string"> b90df288-6239-4a07-ae66-9e67bd4c44b6 </span>|</span><br><span class="line">|<span class="string"> mac_address </span>|<span class="string"> fa:16:3e:2a:df:5b </span>|</span><br><span class="line">|<span class="string"> name </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> network_id </span>|<span class="string"> c192f87f-2c6c-47aa-af9a-97cd9e58a958 </span>|</span><br><span class="line">|<span class="string"> port_security_enabled </span>|<span class="string"> True </span>|</span><br><span class="line">|<span class="string"> project_id </span>|<span class="string"> 08b173e0db2049e59d19bdd0e45f6b36 </span>|</span><br><span class="line">|<span class="string"> qos_policy_id </span>|<span class="string"> d3499b26-806d-43dd-80f1-68f0787af486 </span>|</span><br><span class="line">|<span class="string"> revision_number </span>|<span class="string"> 369649 </span>|</span><br><span class="line">|<span class="string"> security_groups </span>|<span class="string"> 59d7794d-ffc8-4c0a-8bb7-34624bc14821 </span>|</span><br><span class="line">|<span class="string"> status </span>|<span class="string"> ACTIVE </span>|</span><br><span class="line">|<span class="string"> tags </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> tenant_id </span>|<span class="string"> 08b173e0db2049e59d19bdd0e45f6b36 </span>|</span><br><span class="line">|<span class="string"> updated_at </span>|<span class="string"> 2017-11-30T11:33:15Z </span>|</span><br><span class="line">+-----------------------+------------------------------------------------------------------------------------+</span><br><span class="line"></span><br><span class="line"><span class="comment"># 删除端口上面的qos策略</span></span><br><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron port-update b90df288-6239-4a07-ae66-9e67bd4c44b6 --no-qos-policy</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 为网络绑定qos策略</span></span><br><span class="line">neutron net-update private --qos-policy bw-limiter</span><br></pre></td></tr></table></figure><h2 id="检查计算节点"><a href="#检查计算节点" class="headerlink" title="检查计算节点"></a>检查计算节点</h2><figure class="highlight ldif"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 检查tc规则,最后一条为新增的qos规则</span></span><br><span class="line">[root@compute1 ~]<span class="comment"># tc qdisc show</span></span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev lo root refcnt 2</span><br><span class="line"></span><br><span class="line">... ...</span><br><span class="line"></span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev docker0 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev brqdf94a80d-62 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev vxlan-7 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev tap50fe349c-88 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev tapb5f2adfd-cc root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev tapeb6cafe1-c1 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev brqc192f87f-2c root refcnt 2</span><br><span class="line"><span class="attribute">qdisc noqueue 0</span>: dev vxlan-10 root refcnt 2</span><br><span class="line"><span class="attribute">qdisc pfifo_fast 0</span>: dev tapb90df288-62 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1</span><br><span class="line"><span class="attribute">qdisc ingress ffff</span>: dev tapb90df288-62 parent ffff:fff1 ----------------</span><br></pre></td></tr></table></figure><h2 id="Networking-back-ends-supported-rules-and-traffic-direction"><a href="#Networking-back-ends-supported-rules-and-traffic-direction" class="headerlink" title="Networking back ends, supported rules, and traffic direction"></a>Networking back ends, supported rules, and traffic direction</h2><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">==================== ================ ================ ================</span><br><span class="line"> Rule \ back end Open vSwitch SR-IOV Linux bridge</span><br><span class="line">==================== ================ ================ ================</span><br><span class="line"> Bandwidth limit Egress\Ingress Egress (1) Egress\Ingress</span><br><span class="line"> Minimum bandwidth - Egress -</span><br><span class="line"> DSCP marking Egress - Egress</span><br><span class="line">==================== ================ ================ ================</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h2 id="网络节点"><a href="#网络节点" class="headerlink" title="网络节点:"></a>网络节点:</h2><ol>
<li>Add the QoS service to the service_plugins setting in /etc/neutron/neutron.conf. For example:</li>
</ol>
<figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">service_plugins</span> = ... ,qos</span><br></pre></td></tr></table></figure>
<ol>
<li>In /etc/neutron/plugins/ml2/ml2_conf.ini, add qos to extension_drivers in the [ml2] section. For example:</li>
</ol>
<figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[ml2]</span></span><br><span class="line"><span class="attr">extension_drivers</span> = port_security, qos</span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="Openstack" scheme="http://pystack.org/tags/Openstack/"/>
<category term="neutron" scheme="http://pystack.org/tags/neutron/"/>
<category term="qos" scheme="http://pystack.org/tags/qos/"/>
</entry>
<entry>
<title>Openstack无法启动kali linux</title>
<link href="http://pystack.org/2017/11/26/unable-to-boot-kali-linux-by-kvm/"/>
<id>http://pystack.org/2017/11/26/unable-to-boot-kali-linux-by-kvm/</id>
<published>2017-11-26T13:39:24.000Z</published>
<updated>2017-12-08T05:51:52.849Z</updated>
<content type="html"><![CDATA[<h3 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h3><p>通过KVM安装kali linux时一切正常,但是安装完成后重启的时候系统无法启动,提示错误: </p><blockquote><p> intel_rapl: no valid rapl domains found in package 0</p></blockquote><h3 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h3><p>这是虚拟显卡的问题,只需要修改一下镜像的元数据即可</p><figure class="highlight avrasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="symbol">hw_video_model:</span> vga</span><br></pre></td></tr></table></figure><a id="more"></a><p>注: kali默认的第一块硬盘是sda,但openstack默认的是vda,虚拟机启动时会提示找不到sda1,所以还需要添加硬盘控制器的元数据:</p><figure class="highlight avrasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="symbol">hw_disk_bus:</span> ide</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h3 id="问题"><a href="#问题" class="headerlink" title="问题"></a>问题</h3><p>通过KVM安装kali linux时一切正常,但是安装完成后重启的时候系统无法启动,提示错误: </p>
<blockquote>
<p> intel_rapl: no valid rapl domains found in package 0</p>
</blockquote>
<h3 id="解决方法"><a href="#解决方法" class="headerlink" title="解决方法"></a>解决方法</h3><p>这是虚拟显卡的问题,只需要修改一下镜像的元数据即可</p>
<figure class="highlight avrasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="symbol">hw_video_model:</span> vga</span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="Openstack" scheme="http://pystack.org/tags/Openstack/"/>
<category term="kvm" scheme="http://pystack.org/tags/kvm/"/>
<category term="kali linux" scheme="http://pystack.org/tags/kali-linux/"/>
</entry>
<entry>
<title>安装Openstack ZUN模块</title>
<link href="http://pystack.org/2017/10/14/install-openstack-zun/"/>
<id>http://pystack.org/2017/10/14/install-openstack-zun/</id>
<published>2017-10-14T03:39:24.000Z</published>
<updated>2018-07-20T08:01:12.345Z</updated>
<content type="html"><![CDATA[<h3 id="安装-zun"><a href="#安装-zun" class="headerlink" title="安装 zun"></a>安装 zun</h3><p><a href="https://review.openstack.org/#/c/504537/11/doc/source/install/controller-install-ubuntu.rst" target="_blank" rel="external">https://review.openstack.org/#/c/504537/11/doc/source/install/controller-install-ubuntu.rst</a></p><p><a href="https://review.openstack.org/#/c/504537/11/doc/source/install/compute-install-ubuntu.rst" target="_blank" rel="external">https://review.openstack.org/#/c/504537/11/doc/source/install/compute-install-ubuntu.rst</a></p><p>Queens版安装文档: <a href="https://docs.openstack.org/zun/queens/install/" target="_blank" rel="external">https://docs.openstack.org/zun/queens/install/</a></p><a id="more"></a><h3 id="安装网络驱动-kuryr-libnetwork"><a href="#安装网络驱动-kuryr-libnetwork" class="headerlink" title="安装网络驱动 kuryr-libnetwork"></a>安装网络驱动 kuryr-libnetwork</h3><p><a href="https://docs.openstack.org/kuryr-libnetwork/latest/install/index.html" target="_blank" rel="external">https://docs.openstack.org/kuryr-libnetwork/latest/install/index.html</a></p><h3 id="安装UI-zun-ui"><a href="#安装UI-zun-ui" class="headerlink" title="安装UI zun-ui"></a>安装UI zun-ui</h3><p><a href="https://docs.openstack.org/zun-ui/latest/install/index.html#manual-installation" target="_blank" rel="external">https://docs.openstack.org/zun-ui/latest/install/index.html#manual-installation</a></p><p>注: 官方文档只有ubuntu版本的安装教程,Centos的安装步骤与Ubuntu相同,需要注意的是centos版本需要去掉路径中的local(例如文档中的:/usr/local/bin/zun-compute 需要改为/usr/bin/zun-compute)<br>注:安装的时候需要注意git签出的分支是否正确(stable/pike)</p><h3 id="常用命令"><a href="#常用命令" class="headerlink" title="常用命令"></a>常用命令</h3><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br></pre></td><td class="code"><pre><span class="line">usage: zun create [-n <name>] [--cpu <cpu>] [-m <memory>] [-e <<span class="attribute">KEY</span>=VALUE>]</span><br><span class="line"> [--workdir <workdir>] [--rm] [--label <<span class="attribute">KEY</span>=VALUE>]</span><br><span class="line"> [--image-pull-policy <policy>] [--restart <restart>] [-i]</span><br><span class="line"> [--image-driver <image_driver>]</span><br><span class="line"> [--security-group <security-group>] [--hint <<span class="attribute">key</span>=value>]</span><br><span class="line"> [--net <auto, <span class="attribute">network</span>=network, <span class="attribute">port</span>=port-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr>]</span><br><span class="line"> [--runtime <runtime>] [--hostname <hostname>]</span><br><span class="line"> <image> <span class="built_in">..</span>.</span><br><span class="line"></span><br><span class="line">usage: zun <span class="builtin-name">run</span> [-n <name>] [--cpu <cpu>] [-m <memory>] [-e <<span class="attribute">KEY</span>=VALUE>]</span><br><span class="line"> [--workdir <workdir>] [--rm] [--label <<span class="attribute">KEY</span>=VALUE>]</span><br><span class="line"> [--image-pull-policy <policy>] [--restart <restart>] [-i]</span><br><span class="line"> [--image-driver <image_driver>]</span><br><span class="line"> [--security-group <security-group>] [--hint <<span class="attribute">key</span>=value>]</span><br><span class="line"> [--net <auto, <span class="attribute">network</span>=network, <span class="attribute">port</span>=port-uuid,v4-fixed-ip=ip-addr,v6-fixed-ip=ip-addr>]</span><br><span class="line"> [--runtime <runtime>] [--hostname <hostname>]</span><br><span class="line"> <image> <span class="built_in">..</span>.</span><br><span class="line"></span><br><span class="line">def container_create(request, **kwargs):</span><br><span class="line"> args, <span class="builtin-name">run</span> = _cleanup_params(CONTAINER_CREATE_ATTRS, <span class="literal">True</span>, **kwargs)</span><br><span class="line"> response = None</span><br><span class="line"> <span class="keyword">if</span> run:</span><br><span class="line"> response = zunclient(request).containers.<span class="builtin-name">run</span>(*<span class="number">*a</span>rgs)</span><br><span class="line"> <span class="keyword">else</span>:</span><br><span class="line"> response = zunclient(request).containers.create(*<span class="number">*a</span>rgs)</span><br><span class="line"> return response</span><br><span class="line"></span><br><span class="line"><span class="comment">### 创建并启动容器</span></span><br><span class="line">openstack appcontainer <span class="builtin-name">run</span> --name container --net <span class="attribute">network</span>=<span class="variable">$NET_ID</span> cirros<span class="built_in"> ping </span>8.8.8.8</span><br><span class="line"></span><br><span class="line"><span class="comment">### 容器列表</span></span><br><span class="line">openstack appcontainer list</span><br><span class="line">zun image-list </span><br><span class="line"></span><br><span class="line"><span class="comment">### 进入容器bash</span></span><br><span class="line">openstack appcontainer exec --interactive container /bin/sh</span><br><span class="line"></span><br><span class="line"><span class="comment">### 停止容器</span></span><br><span class="line">openstack appcontainer stop container</span><br><span class="line"></span><br><span class="line"><span class="comment">### 删除容器</span></span><br><span class="line">openstack appcontainer delete container</span><br><span class="line"></span><br><span class="line"><span class="comment">### 拷贝文件</span></span><br><span class="line">zun cp container:src_path dest_path|-</span><br><span class="line">zun cp src_path|- container:dest_path</span><br><span class="line"></span><br><span class="line">--------------------------------------------</span><br><span class="line"></span><br><span class="line"><span class="comment">### 创建网络</span></span><br><span class="line">neutron API</span><br><span class="line"></span><br><span class="line"><span class="comment">### 创建路由</span></span><br><span class="line">neutron API</span><br><span class="line"></span><br><span class="line"><span class="comment">### 绑定端口</span></span><br><span class="line">neutron API</span><br><span class="line"></span><br><span class="line"><span class="comment">### 从镜像创建容器</span></span><br><span class="line"> zun <span class="builtin-name">run</span> --name ubuntu-web --net <span class="attribute">network</span>=df94a80d-62a9-4551-ae6b-8d0af3f44fc2 ubuntu-webbb tail -f /etc/hosts</span><br><span class="line"></span><br><span class="line"><span class="comment">### 绑定浮动IP</span></span><br><span class="line">申请浮动IP -- 获取容器网络port id</span><br><span class="line"></span><br><span class="line">Container Addresses</span><br><span class="line">{ <span class="string">"df94a80d-62a9-4551-ae6b-8d0af3f44fc2"</span>: [ { <span class="string">"version"</span>: 4, <span class="string">"addr"</span>: <span class="string">"172.16.1.14"</span>, <span class="string">"port"</span>: <span class="string">"eb6cafe1-c19c-4555-826d-7188e903566e"</span> } ] }</span><br><span class="line"></span><br><span class="line">neutron floatingip-associate 32c35af6-9d72-416a-a8cc-220522106452 b3f02c2e-aa76-4db6-b8dc-7defcf67b5a3</span><br><span class="line"></span><br><span class="line">floating-ip 设备id(device id) - 端口ID</span><br><span class="line">1. 创建端口(指定网络) -- 创建容器(指定端口) -- 生成浮动IP -- 绑定浮动IP</span><br><span class="line">2. 创建容器(指定网络) -- 创建容器 -- 查找端口 -- 生成浮动IP -- 绑定浮动IP</span><br><span class="line"></span><br><span class="line"><span class="comment">### 容器初始化</span></span><br><span class="line"> 拼接初始化脚本文件 -- 拷贝zip文件到容器中 -- 执行初始化 (解压zip文件 -- 执行安装脚本 -- 执行init脚本)</span><br><span class="line"></span><br><span class="line"><span class="comment">### 从容器转为镜像</span></span><br><span class="line"> zun commit ubuntuc ubuntu-webbb </span><br><span class="line"> ---- zun pull ubuntu-webbb ----</span><br><span class="line"></span><br><span class="line"><span class="comment">### 从docker file生成镜像 (暂不支持)</span></span><br><span class="line"> TODO</span><br></pre></td></tr></table></figure><h3 id="使用阿里云yum源安装docker"><a href="#使用阿里云yum源安装docker" class="headerlink" title="使用阿里云yum源安装docker"></a>使用阿里云yum源安装docker</h3><figure class="highlight livescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Uninstall installed docker</span></span><br><span class="line">sudo yum remove docker <span class="string">\</span></span><br><span class="line"> docker-client <span class="string">\</span></span><br><span class="line"> docker-client-latest <span class="string">\</span></span><br><span class="line"> docker-common <span class="string">\</span></span><br><span class="line"> docker-latest <span class="string">\</span></span><br><span class="line"> docker-latest-logrotate <span class="string">\</span></span><br><span class="line"> docker-logrotate <span class="string">\</span></span><br><span class="line"> docker-selinux <span class="string">\</span></span><br><span class="line"> docker-engine-selinux <span class="string">\</span></span><br><span class="line"> docker-engine</span><br><span class="line"></span><br><span class="line"><span class="comment"># Set up repository</span></span><br><span class="line">sudo yum install -y yum-utils</span><br><span class="line"></span><br><span class="line"><span class="comment"># Use Aliyun Docker</span></span><br><span class="line">sudo yum-config-manager --add-repo http:<span class="regexp">//mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span></span><br><span class="line"><span class="regexp"></span></span><br><span class="line"><span class="regexp">yum install docker-ce</span></span><br><span class="line"><span class="regexp"></span></span><br><span class="line"><span class="regexp">systemctl enable docker</span></span><br><span class="line"><span class="regexp">systemctl start docker</span></span><br></pre></td></tr></table></figure><h3 id="zun-commit-后的镜像磁盘格式为qcow2"><a href="#zun-commit-后的镜像磁盘格式为qcow2" class="headerlink" title="zun commit 后的镜像磁盘格式为qcow2"></a>zun commit 后的镜像磁盘格式为qcow2</h3><figure class="highlight crystal"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">vim /usr/<span class="class"><span class="keyword">lib</span>/<span class="title">python2</span>.7/<span class="title">site</span>-<span class="title">packages</span>/<span class="title">zun</span>/<span class="title">image</span>/<span class="title">glance</span>/<span class="title">driver</span>.<span class="title">py</span></span></span><br><span class="line"></span><br><span class="line">change qcow2 to raw</span><br></pre></td></tr></table></figure><h3 id="Queens-only-support-10-containers"><a href="#Queens-only-support-10-containers" class="headerlink" title="Queens only support 10 containers"></a>Queens only support 10 containers</h3><p>创建容器的时候,默认只能创建10个容器,再创建的时候就会提示安全组无法创建,这是因为service的安全组配额太小了,只需要将service项目的安全组配额调大即可。<br>但是为什么会在service项目中创建安全组呢?</p><h3 id="安装时指定服务文件路径"><a href="#安装时指定服务文件路径" class="headerlink" title="安装时指定服务文件路径"></a>安装时指定服务文件路径</h3><figure class="highlight crystal"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">官方文档默认为ubuntu配置,服务路径为:</span><br><span class="line"></span><br><span class="line">/etc/systemd/system/zun-api.service</span><br><span class="line"></span><br><span class="line">Centos的路径为:</span><br><span class="line"></span><br><span class="line">/usr/<span class="class"><span class="keyword">lib</span>/<span class="title">systemd</span>/<span class="title">system</span>/<span class="title">zun</span>-<span class="title">api</span>.<span class="title">service</span></span></span><br></pre></td></tr></table></figure><h3 id="安装完zun之后,重启nova服务提示错误"><a href="#安装完zun之后,重启nova服务提示错误" class="headerlink" title="安装完zun之后,重启nova服务提示错误"></a>安装完zun之后,重启nova服务提示错误</h3><p>TypeError: <strong>init</strong>() got an unexpected keyword argument ‘retry_on_request’</p><p><strong>解决方法</strong>:</p><figure class="highlight crystal"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">pip install oslo.db==<span class="number">4.24</span>.<span class="number">0</span></span><br><span class="line"></span><br><span class="line">or</span><br><span class="line"></span><br><span class="line">修改文件</span><br><span class="line">/usr/<span class="class"><span class="keyword">lib</span>/<span class="title">python2</span>.7/<span class="title">site</span>-<span class="title">packages</span>/<span class="title">nova</span>/<span class="title">db</span>/<span class="title">sqlalchemy</span>/<span class="title">api</span>.<span class="title">py</span></span></span><br><span class="line">去除里面所有的retry_on_request参数</span><br></pre></td></tr></table></figure><h3 id="启动容器时提示错误-A-binding-script-for-this-type-can’t-be-found"><a href="#启动容器时提示错误-A-binding-script-for-this-type-can’t-be-found" class="headerlink" title="启动容器时提示错误: A binding script for this type can’t be found."></a>启动容器时提示错误: A binding script for this type can’t be found.</h3><figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">docker: Error response <span class="keyword">from</span> daemon: failed <span class="keyword">to</span> create endpoint adoring_roentgen <span class="keyword">on</span> network test_net: NetworkDriver.CreateEndpoint: vif_type(bridge) <span class="keyword">is</span> <span class="keyword">not</span> supported. A binding <span class="keyword">script</span> <span class="keyword">for</span> this type can't be found.</span><br></pre></td></tr></table></figure><p>需要检查kuryr配置文件中binddir的配置路径是否正确</p><figure class="highlight makefile"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">官网为ubuntu文档,路径为:</span><br><span class="line">bindir = /usr/local/libexec/kuryr</span><br><span class="line"></span><br><span class="line">centos的路径实际为:</span><br><span class="line">bindir = /usr/libexec/kuryr</span><br></pre></td></tr></table></figure><hr><h3 id="docker-默认会修改FORWARD-policy为DROP"><a href="#docker-默认会修改FORWARD-policy为DROP" class="headerlink" title="docker 默认会修改FORWARD policy为DROP"></a>docker 默认会修改FORWARD policy为DROP</h3><p>需要加iptables=false参数</p><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">[Service]</span><br><span class="line">ExecStart=</span><br><span class="line">ExecStart=<span class="string">/usr/bin/dockerd</span> <span class="params">--iptables=false</span> <span class="params">--group</span> zun -H tcp:<span class="string">//compute1</span><span class="function">:2375</span> -H unix:<span class="string">///var/run/docker.sock</span> <span class="params">--cluster-store</span> etcd:<span class="string">//controller</span><span class="function">:2379</span></span><br></pre></td></tr></table></figure><hr><h3 id="kuryr-libnetwork服务无法自启动"><a href="#kuryr-libnetwork服务无法自启动" class="headerlink" title="kuryr-libnetwork服务无法自启动"></a>kuryr-libnetwork服务无法自启动</h3><p>在centos7上安装kuryr-libnetwork服务,服务器重启后,kuryr服务总是启动失败,需要手动重启一下才可以,解决方法就是修改服务文件,让服务启动失败后自动重启</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">cat > /usr/lib/systemd/system/kuryr-libnetwork.service << EOF</span><br><span class="line">[Unit]</span><br><span class="line">Description = Kuryr-libnetwork - Docker<span class="built_in"> network </span>plugin <span class="keyword">for</span> Neutron</span><br><span class="line"><span class="attribute">After</span>=syslog.target network.target</span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">ExecStart = /usr/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf</span><br><span class="line">CapabilityBoundingSet = CAP_NET_ADMIN</span><br><span class="line"><span class="attribute">Restart</span>=always</span><br><span class="line"><span class="attribute">RestartSec</span>=10s</span><br><span class="line"><span class="attribute">TimeoutStartSec</span>=0</span><br><span class="line"></span><br><span class="line">[Install]</span><br><span class="line">WantedBy = multi-user.target</span><br><span class="line">EOF</span><br></pre></td></tr></table></figure><hr><h3 id="Too-many-open-files"><a href="#Too-many-open-files" class="headerlink" title="Too many open files"></a>Too many open files</h3><p><strong>最大打开文件数配置(Centos)</strong></p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">编辑文件/etc/pam.d/login,</span> <span class="string">添加</span></span><br><span class="line"></span><br><span class="line"><span class="string">session</span> <span class="string">required</span> <span class="string">pam_limits.so</span></span><br><span class="line"></span><br><span class="line"><span class="meta">---</span></span><br><span class="line"></span><br><span class="line"><span class="string">编辑文件/etc/security/limits.conf,添加</span></span><br><span class="line"></span><br><span class="line"><span class="string">*</span> <span class="string">soft</span> <span class="string">nofile</span> <span class="number">65536</span></span><br><span class="line"><span class="string">*</span> <span class="string">hard</span> <span class="string">nofile</span> <span class="number">200000</span></span><br><span class="line"></span><br><span class="line"><span class="string">修改完成后重启系统</span></span><br><span class="line"></span><br><span class="line"><span class="meta">---</span></span><br><span class="line"><span class="string">检查命令:</span> <span class="string">ulimit</span> <span class="bullet">-a</span></span><br></pre></td></tr></table></figure><p><a href="https://github.com/basho/basho_docs/blob/master/content/riak/kv/2.2.3/using/performance/open-files-limit.md#enable-pam-based-limits-for-centos-and-red-hat" target="_blank" rel="external">Enable PAM-Based Limits for CentOS and Red Hat</a></p><p><strong>Rabbitmq 配置(Centos)</strong> </p><figure class="highlight crystal"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">手动创建limits文件</span><br><span class="line">vim /usr/<span class="class"><span class="keyword">lib</span>/<span class="title">systemd</span>/<span class="title">system</span>/<span class="title">rabbitmq</span>-<span class="title">server</span>.<span class="title">service</span>.<span class="title">d</span>/<span class="title">limits</span>.<span class="title">conf</span></span></span><br><span class="line"></span><br><span class="line">[Service]</span><br><span class="line">LimitNOFILE=<span class="number">200000</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 修改后查看</span></span><br><span class="line">rabbitmqctl status</span><br></pre></td></tr></table></figure><p><a href="http://www.rabbitmq.com/install-debian.html#kernel-resource-limits" target="_blank" rel="external">Rabbitmq Controlling System Limits on Linux</a></p><hr><h3 id="Docker-internal-error-400-Client-Error-Bad-Request-“5-matches-found-based-on-name-network-e75331b9-d439-4cd8-bccd-e38ffa847e5b-is-ambiguous”"><a href="#Docker-internal-error-400-Client-Error-Bad-Request-“5-matches-found-based-on-name-network-e75331b9-d439-4cd8-bccd-e38ffa847e5b-is-ambiguous”" class="headerlink" title="Docker internal error: 400 Client Error: Bad Request (“5 matches found based on name: network e75331b9-d439-4cd8-bccd-e38ffa847e5b is ambiguous”)."></a>Docker internal error: 400 Client Error: Bad Request (“5 matches found based on name: network e75331b9-d439-4cd8-bccd-e38ffa847e5b is ambiguous”).</h3><ul><li>查看当前网络,发现里面kuryr.net.existing里面的确存在5个网络</li></ul><figure class="highlight gherkin"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br></pre></td><td class="code"><pre><span class="line">[root<span class="meta">@controller</span> ~]<span class="comment"># neutron net-show e75331b9-d439-4cd8-bccd-e38ffa847e5b</span></span><br><span class="line">neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.</span><br><span class="line">+---------------------------+----------------------------------------------------+</span><br><span class="line">|<span class="string"> Field </span>|<span class="string"> Value </span>|</span><br><span class="line">+---------------------------+----------------------------------------------------+</span><br><span class="line">|<span class="string"> admin_state_up </span>|<span class="string"> True </span>|</span><br><span class="line">|<span class="string"> availability_zone_hints </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> availability_zones </span>|<span class="string"> nova </span>|</span><br><span class="line">|<span class="string"> created_at </span>|<span class="string"> 2018-03-30T05:59:01Z </span>|</span><br><span class="line">|<span class="string"> description </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> id </span>|<span class="string"> e75331b9-d439-4cd8-bccd-e38ffa847e5b </span>|</span><br><span class="line">|<span class="string"> ipv4_address_scope </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> ipv6_address_scope </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> mtu </span>|<span class="string"> 1450 </span>|</span><br><span class="line">|<span class="string"> name </span>|<span class="string"> docker-network </span>|</span><br><span class="line">|<span class="string"> port_security_enabled </span>|<span class="string"> True </span>|</span><br><span class="line">|<span class="string"> project_id </span>|<span class="string"> d090490b14804bbd9126b528690762bb </span>|</span><br><span class="line">|<span class="string"> provider:network_type </span>|<span class="string"> vxlan </span>|</span><br><span class="line">|<span class="string"> provider:physical_network </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> provider:segmentation_id </span>|<span class="string"> 3 </span>|</span><br><span class="line">|<span class="string"> qos_policy_id </span>|<span class="string"> </span>|</span><br><span class="line">|<span class="string"> revision_number </span>|<span class="string"> 18 </span>|</span><br><span class="line">|<span class="string"> router:external </span>|<span class="string"> False </span>|</span><br><span class="line">|<span class="string"> shared </span>|<span class="string"> False </span>|</span><br><span class="line">|<span class="string"> status </span>|<span class="string"> ACTIVE </span>|</span><br><span class="line">|<span class="string"> subnets </span>|<span class="string"> a3b82b6a-0bd9-4e32-bb49-1cb9f88bef4c </span>|</span><br><span class="line">|<span class="string"> tags </span>|<span class="string"> kuryr.net.existing:05371ce16057 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.existing:4e23fd03c115 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.existing:ac0a6b754325 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.existing:f27659ac4816 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.existing:f860711c7eb4 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.lh:05371ce1605772ff36b2b68cf254e4c0 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.lh:4e23fd03c115194944281bd1327dec60 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.lh:ac0a6b754325bfefc8866f17846f0760 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.lh:f27659ac4816866517c5c7cfefdd4273 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.lh:f860711c7eb4b2a1d2f839900f2da951 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.uh:3b690cfa7614b0a0842503a92cdc1b9a </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.uh:87967795655bf3b0e2d2260cc9b45030 </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.uh:8ed7202da5f7e2b5ba84466febab9b0c </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.uh:cdb0b4fc5371ab72664603ceb559214c </span>|</span><br><span class="line">|<span class="string"> </span>|<span class="string"> kuryr.net.uuid.uh:e62e2ad1924e61820b27b7d60881be77 </span>|</span><br><span class="line">|<span class="string"> tenant_id </span>|<span class="string"> d090490b14804bbd9126b528690762bb </span>|</span><br><span class="line">|<span class="string"> updated_at </span>|<span class="string"> 2018-03-30T06:03:47Z </span>|</span><br><span class="line">+---------------------------+----------------------------------------------------+</span><br></pre></td></tr></table></figure><ul><li>查看docker的网络,发现当前网络对应的也是5个网络</li></ul><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# docker<span class="built_in"> network </span>list</span><br><span class="line">NETWORK ID NAME DRIVER SCOPE</span><br><span class="line">400ab99042af 05480a38-a630-45b9-84ef-c61f06a5c856 kuryr global</span><br><span class="line">af1eab7ed8da <span class="built_in"> bridge </span> <span class="built_in"> bridge </span> local</span><br><span class="line">ac0a6b754325 e75331b9-d439-4cd8-bccd-e38ffa847e5b kuryr global</span><br><span class="line">f27659ac4816 e75331b9-d439-4cd8-bccd-e38ffa847e5b kuryr global</span><br><span class="line">f860711c7eb4 e75331b9-d439-4cd8-bccd-e38ffa847e5b kuryr global</span><br><span class="line">4e23fd03c115 e75331b9-d439-4cd8-bccd-e38ffa847e5b kuryr global</span><br><span class="line">05371ce16057 e75331b9-d439-4cd8-bccd-e38ffa847e5b kuryr global</span><br><span class="line">77a18912ed7b host host local</span><br><span class="line">4240711342ea none <span class="literal">null</span> local</span><br></pre></td></tr></table></figure><p><strong>解决方法 ???</strong></p><p>直接在horizon页面上创建的网络及子网会有这个问题,解决方法是使用docker命令来创建子网</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">1. 在openstack上创建网络(docker-network),创建时不创建子网</span><br><span class="line"></span><br><span class="line">2. 使用docker命令创建子网,指定openstack上创建的网络名称 </span><br><span class="line">docker<span class="built_in"> network </span>create -d kuryr <span class="attribute">--ipam-driver</span>=kuryr <span class="attribute">--subnet</span>=172.19.0.0/16 <span class="attribute">--gateway</span>=172.19.0.1 -o neutron.net.<span class="attribute">name</span>=docker-network openstack-docker-network</span><br><span class="line"></span><br><span class="line">3. 在openstack上创建路由器,并绑定网络接口</span><br></pre></td></tr></table></figure><hr><h3 id="Internal-Server-Error"><a href="#Internal-Server-Error" class="headerlink" title="Internal Server Error"></a>Internal Server Error</h3><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">500<span class="built_in"> Server </span>Error: Internal<span class="built_in"> Server </span><span class="builtin-name">Error</span> (<span class="string">"Get https://index.docker.io/v1/search?q=docker-ubuntu&n=25: net/http: TLS handshake timeout"</span>) Traceback (most recent call last): File <span class="string">"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py"</span>, line 163, <span class="keyword">in</span> _process_incoming res = self.dispatcher.dispatch(message) File <span class="string">"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py"</span>, line 220, <span class="keyword">in</span> dispatch return self._do_dispatch(endpoint, method, ctxt, args) File <span class="string">"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py"</span>, line 190, <span class="keyword">in</span> _do_dispatch result = func(ctxt, **new_args) File <span class="string">"/usr/lib/python2.7/site-packages/zun/common/utils.py"</span>, line 193, <span class="keyword">in</span> decorated_function return function(self, context, <span class="number">*a</span>rgs, **kwargs) File <span class="string">"/usr/lib/python2.7/site-packages/zun/compute/manager.py"</span>, line 891, <span class="keyword">in</span> image_search image_driver_name, exact_match) File <span class="string">"/usr/lib/python2.7/site-packages/zun/image/driver.py"</span>, line 103, <span class="keyword">in</span> search_image raise exception.ZunException(six.text_type(e)) ZunException: 500<span class="built_in"> Server </span>Error: Internal<span class="built_in"> Server </span><span class="builtin-name">Error</span> (<span class="string">"Get https://index.docker.io/v1/search?q=docker-ubuntu&n=25: net/http: TLS handshake timeout"</span>)</span><br></pre></td></tr></table></figure><p>解决方法:</p><p>搭建本地镜像源或者修改image_driver=glance</p><hr><h3 id="修改docker容器MTU"><a href="#修改docker容器MTU" class="headerlink" title="修改docker容器MTU"></a>修改docker容器MTU</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> vi /etc/systemd/system/docker.service.d/docker.conf </span></span><br><span class="line">ExecStart=/usr/bin/docker --mtu 1400</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> sudo systemctl daemon-reload</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> sudo service docker restart</span></span><br></pre></td></tr></table></figure><p>To configure the default bridge network, you specify options in daemon.json.</p><figure class="highlight json"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">{</span><br><span class="line"> <span class="attr">"bip"</span>: <span class="string">"192.168.1.5/24"</span>,</span><br><span class="line"> <span class="attr">"fixed-cidr"</span>: <span class="string">"192.168.1.5/25"</span>,</span><br><span class="line"> <span class="attr">"fixed-cidr-v6"</span>: <span class="string">"2001:db8::/64"</span>,</span><br><span class="line"> <span class="attr">"mtu"</span>: <span class="number">1500</span>,</span><br><span class="line"> <span class="attr">"default-gateway"</span>: <span class="string">"10.20.1.1"</span>,</span><br><span class="line"> <span class="attr">"default-gateway-v6"</span>: <span class="string">"2001:db8:abcd::89"</span>,</span><br><span class="line"> <span class="attr">"dns"</span>: [<span class="string">"10.20.1.2"</span>,<span class="string">"10.20.1.3"</span>]</span><br><span class="line">}</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h3 id="安装-zun"><a href="#安装-zun" class="headerlink" title="安装 zun"></a>安装 zun</h3><p><a href="https://review.openstack.org/#/c/504537/11/doc/source/install/controller-install-ubuntu.rst" target="_blank" rel="external">https://review.openstack.org/#/c/504537/11/doc/source/install/controller-install-ubuntu.rst</a></p>
<p><a href="https://review.openstack.org/#/c/504537/11/doc/source/install/compute-install-ubuntu.rst" target="_blank" rel="external">https://review.openstack.org/#/c/504537/11/doc/source/install/compute-install-ubuntu.rst</a></p>
<p>Queens版安装文档: <a href="https://docs.openstack.org/zun/queens/install/" target="_blank" rel="external">https://docs.openstack.org/zun/queens/install/</a></p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="zun" scheme="http://pystack.org/tags/zun/"/>
<category term="docker" scheme="http://pystack.org/tags/docker/"/>
<category term="kuryr" scheme="http://pystack.org/tags/kuryr/"/>
</entry>
<entry>
<title>安装Openstack Magnum模块遇到的问题</title>
<link href="http://pystack.org/2017/10/10/errors-while-installing-openstack-magnum/"/>
<id>http://pystack.org/2017/10/10/errors-while-installing-openstack-magnum/</id>
<published>2017-10-10T10:39:24.000Z</published>
<updated>2017-11-16T02:33:21.353Z</updated>
<content type="html"><![CDATA[<h1 id="Magnum安装配置"><a href="#Magnum安装配置" class="headerlink" title="Magnum安装配置"></a>Magnum安装配置</h1><p>官方文档: <a href="https://docs.openstack.org/project-install-guide/container-infrastructure-management/draft/install-rdo.html" target="_blank" rel="external">https://docs.openstack.org/project-install-guide/container-infrastructure-management/draft/install-rdo.html</a></p><p>从源码安装Magnum <a href="https://docs.openstack.org/magnum/latest/install/install-guide-from-source.html" target="_blank" rel="external">https://docs.openstack.org/magnum/latest/install/install-guide-from-source.html</a></p><hr><h2 id="swarm-cluster创建超时"><a href="#swarm-cluster创建超时" class="headerlink" title="swarm-cluster创建超时"></a>swarm-cluster创建超时</h2><p>现象就是swarm-master一直显示在创建中,然后超过60分钟后,显示创建失败,heat显示的错误是Timeout</p><p><strong>解决方法:</strong><br>超时问题是因为虚拟机中解析不到controller对应的IP地址,需要讲keystone, heat, magnum 的 public endpoint改成 IP地址。</p><a id="more"></a><hr><h2 id="swarm-manager-service-failed-to-start"><a href="#swarm-manager-service-failed-to-start" class="headerlink" title="swarm-manager service failed to start"></a>swarm-manager service failed to start</h2><p>创建swarm-master是,提示swarm-manager服务启动失败,登录到虚拟机内发现etcd,swarm-manager服务都启动失败,etcd启动失败的原因是 “open /etc/docker/server.crt: no such file or directory” ,正常的/etc/docker/下面应该有三个证书文件,但错误的虚拟机里只有一个。</p><p><strong>错误日志</strong> : /var/log/message</p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">2017-11-02 15:41:35.325 24030 <span class="builtin-name">WARNING</span> magnum.common.keystone [req-1f4cec3b-d7a7-4143-825a-728cda9b1a7d - - - - -] Auth plugin <span class="keyword">and</span> its options <span class="keyword">for</span><span class="built_in"> service user </span>must be provided <span class="keyword">in</span> [keystone_auth] section. Using values <span class="keyword">from</span> [keystone_authtoken] section is deprecated.: MissingRequiredOptions: Auth plugin requires parameters which were <span class="keyword">not</span> given: auth_url</span><br><span class="line">2017-11-02 15:41:48.275 24026 <span class="builtin-name">ERROR</span> magnum.drivers.heat.driver [req-609a5a1b-14f1-4e78-b22c-c93c806c36d9 - - - - -] Cluster error, stack status: CREATE_FAILED, stack_id: 420d9818-06a6-4a9c-9d86-f11aaf225eb2, reason:<span class="built_in"> Resource </span>CREATE failed: WaitConditionFailure: resources.swarm_masters.resources[0].resources.master_wait_condition: swarm-manager<span class="built_in"> service </span>failed <span class="keyword">to</span> start.</span><br><span class="line">2017-11-02 15:41:48.921 24029 <span class="builtin-name">ERROR</span> magnum.drivers.heat.driver [req-9160df5d-338f-4acc-aab8-e3c8c3370703 - - - - -] Cluster error, stack status: CREATE_FAILED, stack_id: 420d9818-06a6-4a9c-9d86-f11aaf225eb2, reason:<span class="built_in"> Resource </span>CREATE failed: WaitConditionFailure: resources.swarm_masters.resources[0].resources.master_wait_condition: swarm-manager<span class="built_in"> service </span>failed <span class="keyword">to</span> start.</span><br></pre></td></tr></table></figure><p><strong>虚拟机服务状态</strong> </p><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">[fedora@swarm-cluster-i7bkbockqyvu-master-0 ~]$ sudo systemctl <span class="keyword">start</span> swarm-manager</span><br><span class="line">A dependency job <span class="keyword">for</span> swarm-manager.service failed. See <span class="string">'journalctl -xe'</span> <span class="keyword">for</span> details.</span><br><span class="line">[fedora@swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0</span> ~]$ journalctl -xe</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: recognized <span class="keyword">and</span> used environment <span class="keyword">variable</span> ETCD_PEER_CERT_FILE=/etc/docker/server.crt</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: recognized <span class="keyword">and</span> used environment <span class="keyword">variable</span> ETCD_PEER_KEY_FILE=/etc/docker/server.key</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: recognized environment <span class="keyword">variable</span> ETCD_NAME, but <span class="keyword">unused</span>: shadowed <span class="keyword">by</span> <span class="keyword">corresponding</span> flag </span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: recognized environment <span class="keyword">variable</span> ETCD_DATA_DIR, but <span class="keyword">unused</span>: shadowed <span class="keyword">by</span> <span class="keyword">corresponding</span> fl</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: recognized environment <span class="keyword">variable</span> ETCD_LISTEN_CLIENT_URLS, but <span class="keyword">unused</span>: shadowed <span class="keyword">by</span> corres</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: etcd <span class="keyword">Version</span>: <span class="number">3.1</span><span class="number">.3</span></span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: Git <span class="keyword">SHA</span>: <span class="number">21</span>fdcc6</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: <span class="keyword">Go</span> <span class="keyword">Version</span>: go1<span class="number">.7</span><span class="number">.5</span></span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: <span class="keyword">Go</span> OS/Arch: linux/amd64</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: setting maximum <span class="built_in">number</span> <span class="keyword">of</span> CPUs <span class="keyword">to</span> <span class="number">4</span>, total <span class="built_in">number</span> <span class="keyword">of</span> available CPUs <span class="keyword">is</span> <span class="number">4</span></span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: peerTLS: cert = /etc/docker/server.crt, <span class="keyword">key</span> = /etc/docker/server.key, ca = /etc/docker/</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal etcd[<span class="number">2452</span>]: <span class="keyword">open</span> /etc/docker/server.crt: <span class="keyword">no</span> such <span class="keyword">file</span> <span class="keyword">or</span> <span class="keyword">directory</span></span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal systemd[<span class="number">1</span>]: etcd.service: <span class="keyword">Main</span> process exited, code=exited, <span class="keyword">status</span>=<span class="number">1</span>/<span class="keyword">FAILURE</span></span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal <span class="keyword">audit</span>[<span class="number">1</span>]: SERVICE_START pid=<span class="number">1</span> uid=<span class="number">0</span> auid=<span class="number">4294967295</span> ses=<span class="number">4294967295</span> subj=system_u:system_r:init_t:s0</span><br><span class="line">Nov <span class="number">01</span> <span class="number">06</span>:<span class="number">55</span>:<span class="number">44</span> swarm-cluster-i7bkbockqyvu-<span class="keyword">master</span><span class="number">-0.</span>novalocal systemd[<span class="number">1</span>]: <span class="keyword">Failed</span> <span class="keyword">to</span> <span class="keyword">start</span> Etcd Server.</span><br><span class="line"><span class="comment">-- Subject: Unit etcd.service has failed</span></span><br><span class="line"><span class="comment">-- Defined-By: systemd</span></span><br><span class="line"><span class="comment">-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel</span></span><br><span class="line"><span class="comment">-- </span></span><br><span class="line"><span class="comment">-- Unit etcd.service has failed.</span></span><br><span class="line"><span class="comment">-- </span></span><br><span class="line"><span class="comment">-- The result is failed.</span></span><br></pre></td></tr></table></figure><p><strong>Cloud-init 日志</strong> : /var/log/cloud-init-output.log</p><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line">Cloud-init v. 0.7.9 running 'modules:config' at Thu, 02 Nov 2017 02:07:02 +0000. Up 39.38 seconds.</span><br><span class="line">removing docker key</span><br><span class="line">Traceback (most recent <span class="keyword">call</span> <span class="keyword">last</span>):</span><br><span class="line"> <span class="keyword">File</span> <span class="string">"/var/lib/cloud/instance/scripts/part-004"</span>, line <span class="number">181</span>, <span class="keyword">in</span> <<span class="keyword">module</span>></span><br><span class="line"> sys.exit(<span class="keyword">main</span>())</span><br><span class="line"> <span class="keyword">File</span> <span class="string">"/var/lib/cloud/instance/scripts/part-004"</span>, line <span class="number">174</span>, <span class="keyword">in</span> <span class="keyword">main</span></span><br><span class="line"> write_ca_cert(config)</span><br><span class="line"> <span class="keyword">File</span> <span class="string">"/var/lib/cloud/instance/scripts/part-004"</span>, line <span class="number">93</span>, <span class="keyword">in</span> write_ca_cert</span><br><span class="line"> fp.write(ca_cert_resp.json()[<span class="string">'pem'</span>])</span><br><span class="line">KeyError: <span class="string">'pem'</span></span><br><span class="line">Cloud-init v. <span class="number">0.7</span><span class="number">.9</span> running <span class="string">'modules:final'</span> <span class="keyword">at</span> Thu, <span class="number">02</span> Nov <span class="number">2017</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">05</span> +<span class="number">0000.</span> Up <span class="number">41.72</span> seconds.</span><br><span class="line"><span class="number">2017</span><span class="number">-11</span><span class="number">-02</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">09</span>,<span class="number">335</span> - util.py[<span class="keyword">WARNING</span>]: <span class="keyword">Failed</span> running /<span class="keyword">var</span>/lib/cloud/<span class="keyword">instance</span>/scripts/part<span class="number">-004</span> [<span class="number">1</span>]</span><br><span class="line">Configuring docker network ...</span><br><span class="line"></span><br><span class="line">... ...</span><br><span class="line"></span><br><span class="line">notifying heat</span><br><span class="line"> % Total % Received % Xferd Average Speed <span class="keyword">Time</span> <span class="keyword">Time</span> <span class="keyword">Time</span> <span class="keyword">Current</span></span><br><span class="line"> Dload Upload Total Spent <span class="keyword">Left</span> Speed</span><br><span class="line"><span class="number">100</span> <span class="number">113</span> <span class="number">100</span> <span class="number">4</span> <span class="number">100</span> <span class="number">109</span> <span class="number">5</span> <span class="number">142</span> <span class="comment">--:--:-- --:--:-- --:--:-- 142</span></span><br><span class="line"><span class="keyword">HTTP</span>/<span class="number">1.1</span> <span class="number">200</span> OK</span><br><span class="line"><span class="keyword">Content</span>-<span class="keyword">Type</span>: application/<span class="keyword">json</span></span><br><span class="line"><span class="keyword">Content</span>-<span class="keyword">Length</span>: <span class="number">4</span></span><br><span class="line">X-Openstack-Request-<span class="keyword">Id</span>: req<span class="number">-96486</span>cd4-c8ae<span class="number">-4465</span>-b37b<span class="number">-31296</span>c2383b9</span><br><span class="line"> te: Thu, <span class="number">02</span> Nov <span class="number">2017</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">13</span> GMT</span><br><span class="line">▽</span><br><span class="line"><span class="literal">null</span>+ <span class="string">'['</span> -z <span class="string">''</span> <span class="string">']'</span></span><br><span class="line">+ <span class="keyword">exit</span> <span class="number">0</span></span><br><span class="line"><span class="number">2017</span><span class="number">-11</span><span class="number">-02</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">14</span>,<span class="number">039</span> - cc_scripts_user.py[<span class="keyword">WARNING</span>]: <span class="keyword">Failed</span> <span class="keyword">to</span> run <span class="keyword">module</span> scripts-<span class="keyword">user</span> (scripts <span class="keyword">in</span> /<span class="keyword">var</span>/lib/cloud/<span class="keyword">instance</span>/scripts)</span><br><span class="line"><span class="number">2017</span><span class="number">-11</span><span class="number">-02</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">14</span>,<span class="number">051</span> - util.py[<span class="keyword">WARNING</span>]: Running <span class="keyword">module</span> scripts-<span class="keyword">user</span> (<<span class="keyword">module</span> <span class="string">'cloudinit.config.cc_scripts_user'</span> <span class="keyword">from</span> <span class="string">'/usr/lib/python3.5/site-packages/cloudinit/config/cc_scripts_user.py'</span>>) <span class="keyword">failed</span></span><br><span class="line">Cloud-init v. <span class="number">0.7</span><span class="number">.9</span> finished <span class="keyword">at</span> Thu, <span class="number">02</span> Nov <span class="number">2017</span> <span class="number">02</span>:<span class="number">07</span>:<span class="number">14</span> +<span class="number">0000.</span> Datasource DataSourceOpenStack [net,ver=<span class="number">2</span>]. Up <span class="number">50.91</span> seconds</span><br></pre></td></tr></table></figure><p><strong>解决方法</strong>: </p><p><strong>虚拟机初始化代码出错位置</strong></p><figure class="highlight arduino"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">def write_server_cert(<span class="built_in">config</span>, csr_req):</span><br><span class="line"> cert_url = <span class="string">'%s/certificates'</span> % <span class="built_in">config</span>[<span class="string">'MAGNUM_URL'</span>]</span><br><span class="line"> headers = {</span><br><span class="line"> <span class="string">'Content-Type'</span>: <span class="string">'application/json'</span>,</span><br><span class="line"> <span class="string">'X-Auth-Token'</span>: <span class="built_in">config</span>[<span class="string">'USER_TOKEN'</span>],</span><br><span class="line"> <span class="string">'OpenStack-API-Version'</span>: <span class="string">'container-infra latest'</span></span><br><span class="line"> }</span><br><span class="line"> csr_resp = requests.post(cert_url,</span><br><span class="line"> data=json.dumps(csr_req),</span><br><span class="line"> headers=headers)</span><br><span class="line"></span><br><span class="line"> with <span class="built_in">open</span>(SERVER_CERT_PATH, <span class="string">'w'</span>) as fp:</span><br><span class="line"> fp.<span class="built_in">write</span>(csr_resp.json()[<span class="string">'pem'</span>])</span><br></pre></td></tr></table></figure><p>从出错的位置可以看出,就是虚拟机请求certificates时出了问题。在Postman中测试,先生成token,再请求certificates</p><h3 id="User-Token"><a href="#User-Token" class="headerlink" title="User Token"></a>User Token</h3><figure class="highlight xquery"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line">-- POST http://<span class="number">10.10</span>.<span class="number">80.10</span>:<span class="number">5000</span>/v3/auth/tokens</span><br><span class="line"></span><br><span class="line">{</span><br><span class="line"> <span class="string">"token"</span>: {</span><br><span class="line"> <span class="string">"issued_at"</span>: <span class="string">"2017-11-01T08:44:05.000000Z"</span>,</span><br><span class="line"> <span class="string">"audit_ids"</span>: [</span><br><span class="line"> <span class="string">"OfBOuEzrToWzC8aer5miKQ"</span></span><br><span class="line"> ],</span><br><span class="line"> <span class="string">"methods"</span>: [</span><br><span class="line"> <span class="string">"password"</span></span><br><span class="line"> ],</span><br><span class="line"> <span class="string">"expires_at"</span>: <span class="string">"2017-11-01T09:44:05.000000Z"</span>,</span><br><span class="line"> <span class="string">"user"</span>: {</span><br><span class="line"> <span class="string">"password_expires_at"</span>: null,</span><br><span class="line"> <span class="string">"domain"</span>: {</span><br><span class="line"> <span class="string">"id"</span>: <span class="string">"53bd6f95db004eb3807c66fcbaa45300"</span>,</span><br><span class="line"> <span class="string">"name"</span>: <span class="string">"magnum"</span></span><br><span class="line"> },</span><br><span class="line"> <span class="string">"id"</span>: <span class="string">"175717d8f4d64b39ba9bc3001e3d8f1c"</span>,</span><br><span class="line"> <span class="string">"name"</span>: <span class="string">"a6a9cfc8-e8bc-4c6a-a452-4684d98ae925_08b173e0db2049e59d19bdd0e45f6b36"</span></span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h3 id="Get-Certificates-:-正确的返回"><a href="#Get-Certificates-:-正确的返回" class="headerlink" title="Get Certificates : 正确的返回"></a>Get Certificates : 正确的返回</h3><p>正确的返回是一个json格式的数据,里面有”pem”这一项,刚好是虚拟机初始化时报错的地方</p><figure class="highlight taggerscript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">-- GET http://10.10.80.10:9511/v1/certificates/[CLUSTER_ID]</span><br><span class="line"></span><br><span class="line">{</span><br><span class="line"> "cluster_uuid": "a6a9cfc8-e8bc-4c6a-a452-4684d98ae925",</span><br><span class="line"> "pem": "-----BEGIN CERTIFICATE-----<span class="symbol">\n</span>MIIC4jCCAcqgAwIBAgIQR2pl521NS3yFmBrbxWgqdjANBgkqhkiG9w0BAQsFADAZ<span class="symbol">\n</span>MRcwFQYDVQQDDA5zd2FybS1jbHVzdGVyMjAeFw0xNzEwMzExNjAzMzJaFw0yMjEw<span class="symbol">\n</span>MzExNjAzMzJaMBkxFzAVBgNVBAMMDnN3YXJtLWNsdXN0ZXIyMIIBIjANBgkqhkiG<span class="symbol">\n</span>9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFSJd60hC3UGIFazXBj+GmyeI9gU6a8WJbP8<span class="symbol">\n</span>UYieqBnmnpt4GlbvTJbzJFQMwL9bqtzbDv0+Hn0O7GIjS6NzncM7fiDkkbCVlXk8<span class="symbol">\n</span>ox7cyJf3KGVuUaHukubJkqX5EMecw2McIPJmfhQQdX6Z5asmHOIU/EfULCoaOtH4<span class="symbol">\n</span>DptVi7AroQepeB22HIVVR6O4/9vH5r9ET0QPEsu1WnRUZNfniJC7gl9jp1SwDBRD<span class="symbol">\n</span>+DRtA4g8pg+d8KEw/yueurdV8oN9QupuH/xcwlR2Oi4d6sRio+aefv6/4iATtNo5<span class="symbol">\n</span>MOLzVK6OtALNiO2j9vRHBZAIjRvkPE8XbFNqeURwu8KX5cogmwIDAQABoyYwJDAS<span class="symbol">\n</span>BgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0BAQsF<span class="symbol">\n</span>AAOCAQEAmmAgrH3cqCSrCMSqv1HiWBBviguoXx0yLgJoX4Z57DqY6mTf+Zv1dqEf<span class="symbol">\n</span>gdBe2lpFv2t5CeTk9wjr0iMIbg92KiayUCkty85n/VMa3PWw1iIxc3oCRVX3esNE<span class="symbol">\n</span>dMvMwaME0iPVnqh8+b6f6dop9OrNDIrGvoovAaUoqgaF+WCYZGBiqMzSw/MIhrjZ<span class="symbol">\n</span>v/kDf52CjfvFy0N+JSQgVQULr0+U1/Q+KnztrX1g95LMQjcP0mWHag6F4JT2Ty6A<span class="symbol">\n</span>vZ24sWtj/NXatvZ+aty/eHFt1f4BV9HXho5EPDPkheomZnalrrMKpJk/3jAd+REZ<span class="symbol">\n</span>bUP+hs4Fa1sUXZuJjsfeXDnQ2hGm+g==<span class="symbol">\n</span>-----END CERTIFICATE-----<span class="symbol">\n</span>",</span><br><span class="line"> "bay_uuid": "a6a9cfc8-e8bc-4c6a-a452-4684d98ae925",</span><br><span class="line"> "links": [</span><br><span class="line"> {</span><br><span class="line"> "href": "http://10.10.80.10:9511/v1/certificates/a6a9cfc8-e8bc-4c6a-a452-4684d98ae925",</span><br><span class="line"> "rel": "self"</span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> "href": "http://10.10.80.10:9511/certificates/a6a9cfc8-e8bc-4c6a-a452-4684d98ae925",</span><br><span class="line"> "rel": "bookmark"</span><br><span class="line"> }</span><br><span class="line"> ]</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h3 id="Get-Certificates-:-错误的返回"><a href="#Get-Certificates-:-错误的返回" class="headerlink" title="Get Certificates : 错误的返回"></a>Get Certificates : 错误的返回</h3><p>错误返回代码是500,导致我一直以为是magnum代码写的有问题,所以就有了后面一步一步的调试</p><figure class="highlight stata"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">2017-11-02 16:38:33.134 5048 <span class="keyword">ERROR</span> wsme.api [req-4f45fd22-5b2d-4a24-9e93-08b7bfa95e12 15edc195e4bb4b50bf3c26b0bb5e3b09 - 53bd6f95db004eb3807c66fcbaa45300 - -] Server-side <span class="keyword">error</span>: "Remote <span class="keyword">error</span>: BadRequest Invalid <span class="keyword">input</span> <span class="keyword">for</span> field 'identity/password/user/password': None is not of <span class="keyword">type</span> 'string'</span><br><span class="line"></span><br><span class="line">Failed validating '<span class="keyword">type</span>' <span class="keyword">in</span> schema['properties']['identity']['properties']['password']['properties']['user']['properties']['password']:</span><br><span class="line"> {'<span class="keyword">type</span>': 'string'}</span><br><span class="line"></span><br><span class="line"><span class="keyword">On</span> instance['identity']['password']['user']['password']:</span><br><span class="line"> None (HTTP 400) (Request-ID: req-f5ee8f99-7ea3-4679-8f7d-30867ae111a0)</span><br><span class="line">[<span class="keyword">u</span>'Traceback (most recent call last):\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/magnum/conductor/handlers/indirection_api.py"</span>, <span class="keyword">line</span> 33, <span class="keyword">in</span> _object_dispatch\<span class="keyword">n</span> <span class="keyword">return</span> getattr(target, method)(context, *<span class="keyword">args</span>, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/oslo_versionedobjects/base.py"</span>, <span class="keyword">line</span> 184, <span class="keyword">in</span> wrapper\<span class="keyword">n</span> result = fn(cls, context, *<span class="keyword">args</span>, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/magnum/objects/cluster.py"</span>, <span class="keyword">line</span> 139, <span class="keyword">in</span> get_by_uuid\<span class="keyword">n</span> db_cluster = cls.dbapi.get_cluster_by_uuid(context, uuid)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/magnum/db/sqlalchemy/api.py"</span>, <span class="keyword">line</span> 212, <span class="keyword">in</span> get_cluster_by_uuid\<span class="keyword">n</span> <span class="keyword">query</span> = self._add_tenant_filters(context, <span class="keyword">query</span>)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/magnum/db/sqlalchemy/api.py"</span>, <span class="keyword">line</span> 141, <span class="keyword">in</span> _add_tenant_filters\<span class="keyword">n</span> user_name = kst.client.users.<span class="built_in">get</span>(context.user_id).name\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneclient/v3/users.py"</span>, <span class="keyword">line</span> 152, <span class="keyword">in</span> get\<span class="keyword">n</span> user_id=base.getid(user))\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneclient/base.py"</span>, <span class="keyword">line</span> 75, <span class="keyword">in</span> func\<span class="keyword">n</span> <span class="keyword">return</span> <span class="built_in">f</span>(*<span class="keyword">args</span>, **new_kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneclient/base.py"</span>, <span class="keyword">line</span> 349, <span class="keyword">in</span> get\<span class="keyword">n</span> self.key)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneclient/base.py"</span>, <span class="keyword">line</span> 150, <span class="keyword">in</span> _get\<span class="keyword">n</span> resp, body = self.client.<span class="built_in">get</span>(url, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py"</span>, <span class="keyword">line</span> 288, <span class="keyword">in</span> get\<span class="keyword">n</span> <span class="keyword">return</span> self.request(url, \'GET\', **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py"</span>, <span class="keyword">line</span> 447, <span class="keyword">in</span> request\<span class="keyword">n</span> resp = super(LegacyJsonAdapter, self).request(*<span class="keyword">args</span>, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py"</span>, <span class="keyword">line</span> 192, <span class="keyword">in</span> request\<span class="keyword">n</span> <span class="keyword">return</span> self.session.request(url, method, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/positional/__init__.py"</span>, <span class="keyword">line</span> 101, <span class="keyword">in</span> inner\<span class="keyword">n</span> <span class="keyword">return</span> wrapped(*<span class="keyword">args</span>, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/session.py"</span>, <span class="keyword">line</span> 578, <span class="keyword">in</span> request\<span class="keyword">n</span> auth_headers = self.get_auth_headers(auth)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/session.py"</span>, <span class="keyword">line</span> 905, <span class="keyword">in</span> get_auth_headers\<span class="keyword">n</span> <span class="keyword">return</span> auth.get_headers(self, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py"</span>, <span class="keyword">line</span> 90, <span class="keyword">in</span> get_headers\<span class="keyword">n</span> <span class="keyword">token</span> = self.get_token(session)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py"</span>, <span class="keyword">line</span> 89, <span class="keyword">in</span> get_token\<span class="keyword">n</span> <span class="keyword">return</span> self.get_access(session).auth_token\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py"</span>, <span class="keyword">line</span> 135, <span class="keyword">in</span> get_access\<span class="keyword">n</span> self.auth_ref = self.get_auth_ref(session)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py"</span>, <span class="keyword">line</span> 167, <span class="keyword">in</span> get_auth_ref\<span class="keyword">n</span> authenticated=False, <span class="keyword">log</span>=False, **rkwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/session.py"</span>, <span class="keyword">line</span> 853, <span class="keyword">in</span> <span class="keyword">post</span>\<span class="keyword">n</span> <span class="keyword">return</span> self.request(url, \'<span class="keyword">POST</span>\', **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/positional/__init__.py"</span>, <span class="keyword">line</span> 101, <span class="keyword">in</span> inner\<span class="keyword">n</span> <span class="keyword">return</span> wrapped(*<span class="keyword">args</span>, **kwargs)\<span class="keyword">n</span>', <span class="keyword">u</span>' <span class="keyword">File</span> <span class="string">"/usr/lib/python2.7/site-packages/keystoneauth1/session.py"</span>, <span class="keyword">line</span> 742, <span class="keyword">in</span> request\<span class="keyword">n</span> raise exceptions.from_response(resp, method, url)\<span class="keyword">n</span>', <span class="keyword">u</span><span class="string">"BadRequest: Invalid input for field 'identity/password/user/password': None is not of type 'string'\n\nFailed validating 'type' in schema['properties']['identity']['properties']['password']['properties']['user']['properties']['password']:\n {'type': 'string'}\n\nOn instance['identity']['password']['user']['password']:\n None (HTTP 400) (Request-ID: req-f5ee8f99-7ea3-4679-8f7d-30867ae111a0)\n"</span>].". Detail: </span><br><span class="line">Traceback (most recent call last):</span><br></pre></td></tr></table></figure><p>其实在最开始的日志中就提示了问题所在 “ Auth plugin and its options for service user must be provided in [keystone_auth] section. Using values from [keystone_authtoken] section is deprecated.: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url”, 不过错误等级是WARNING,所以一直被我忽略掉,后来一步一步调试代码又定位到了这个问题。<br>解决办法就是配置 /etc/magnum/magnum.conf 中 keystone_auth项 </p><figure class="highlight ini"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[keystone_auth]</span></span><br><span class="line"><span class="attr">auth_version</span> = v3</span><br><span class="line"><span class="attr">auth_uri</span> = http://controller:<span class="number">5000</span>/v3</span><br><span class="line"><span class="attr">project_domain_id</span> = default</span><br><span class="line"><span class="attr">project_name</span> = service</span><br><span class="line"><span class="attr">user_domain_id</span> = default</span><br><span class="line"><span class="attr">password</span> = magnum</span><br><span class="line"><span class="attr">username</span> = magnum</span><br><span class="line"><span class="attr">auth_url</span> = http://controller:<span class="number">35357</span></span><br><span class="line"><span class="attr">auth_type</span> = password</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h1 id="Magnum安装配置"><a href="#Magnum安装配置" class="headerlink" title="Magnum安装配置"></a>Magnum安装配置</h1><p>官方文档: <a href="https://docs.openstack.org/project-install-guide/container-infrastructure-management/draft/install-rdo.html" target="_blank" rel="external">https://docs.openstack.org/project-install-guide/container-infrastructure-management/draft/install-rdo.html</a></p>
<p>从源码安装Magnum <a href="https://docs.openstack.org/magnum/latest/install/install-guide-from-source.html" target="_blank" rel="external">https://docs.openstack.org/magnum/latest/install/install-guide-from-source.html</a></p>
<hr>
<h2 id="swarm-cluster创建超时"><a href="#swarm-cluster创建超时" class="headerlink" title="swarm-cluster创建超时"></a>swarm-cluster创建超时</h2><p>现象就是swarm-master一直显示在创建中,然后超过60分钟后,显示创建失败,heat显示的错误是Timeout</p>
<p><strong>解决方法:</strong><br>超时问题是因为虚拟机中解析不到controller对应的IP地址,需要讲keystone, heat, magnum 的 public endpoint改成 IP地址。</p>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="docker" scheme="http://pystack.org/tags/docker/"/>
<category term="Magnum" scheme="http://pystack.org/tags/Magnum/"/>
</entry>
<entry>
<title>Install cloudbase-init on windows xp</title>
<link href="http://pystack.org/2017/07/21/cloudbase-init-for-windows-xp/"/>
<id>http://pystack.org/2017/07/21/cloudbase-init-for-windows-xp/</id>
<published>2017-07-21T03:39:24.000Z</published>
<updated>2018-05-18T07:24:55.192Z</updated>
<content type="html"><![CDATA[<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>默认cloudbase-init是不支持windows xp的,安装后启动服务的时候会报错。想要在xp上使用cloudbase-init也很简单,只要修改几个地方就行了:</p><ol><li>安装官方<a href="https://cloudbase.it/cloudbase-init/" target="_blank" rel="external">cloudbase-init</a></li></ol><a id="more"></a><ol><li>修改python文件</li></ol><p>编辑C:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Lib\site-packages\serial\win32.py ,注释掉包含’CancelIOEx’的三行。</p><ol><li>删除cloudbase-init服务</li></ol><figure class="highlight actionscript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sc <span class="keyword">delete</span> cloudbase-init</span><br></pre></td></tr></table></figure><ol><li><p>导入注册表文件: <a href="/assets/img/cloudbase-init.reg">cloudbase-init.reg</a></p></li><li><p>删除注册表子建:</p></li></ol><p>制作镜像前,需要检查注册表HKLM/Software/Cloudbase Solutions/Cloudbase-Init/下面是否有子键,有就删掉,否则新虚拟机启动时Cloudbase-init认为已经执行过,不再执行。</p><ol><li>释放ip配置</li></ol><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 保存镜像前先释放IP地址,否则网络启动会比较慢</span></span><br><span class="line">ipconfig <span class="string">/release</span></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html">
<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>默认cloudbase-init是不支持windows xp的,安装后启动服务的时候会报错。想要在xp上使用cloudbase-init也很简单,只要修改几个地方就行了:</p>
<ol>
<li>安装官方<a href="https://cloudbase.it/cloudbase-init/" target="_blank" rel="external">cloudbase-init</a></li>
</ol>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="cloud-init" scheme="http://pystack.org/tags/cloud-init/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="cloudbase-init" scheme="http://pystack.org/tags/cloudbase-init/"/>
<category term="windows xp" scheme="http://pystack.org/tags/windows-xp/"/>
</entry>
<entry>
<title>KVM Usb passthrough</title>
<link href="http://pystack.org/2016/12/25/kvm-usb-pass-through/"/>
<id>http://pystack.org/2016/12/25/kvm-usb-pass-through/</id>
<published>2016-12-25T13:39:24.000Z</published>
<updated>2019-04-16T09:58:33.822Z</updated>
<content type="html"><![CDATA[<h3 id="查看本机USB设备"><a href="#查看本机USB设备" class="headerlink" title="查看本机USB设备"></a>查看本机USB设备</h3><figure class="highlight autoit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># yum install -y usbutils</span></span><br><span class="line"></span><br><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># lsusb</span></span><br><span class="line">Bus <span class="number">003</span> Device <span class="number">007</span>: ID <span class="number">0951</span>:<span class="number">1666</span> Kingston Technology DataTraveler <span class="number">100</span> G3/G4/SE9 G2</span><br></pre></td></tr></table></figure><h3 id="查看已有虚拟机"><a href="#查看已有虚拟机" class="headerlink" title="查看已有虚拟机"></a>查看已有虚拟机</h3><figure class="highlight asciidoc"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# virsh list</span><br><span class="line"><span class="code"> Id Name State</span></span><br><span class="line">----------------------------------------------------</span><br><span class="line"><span class="code"> 149 instance-00000096 running</span></span><br></pre></td></tr></table></figure><a id="more"></a><h3 id="编辑虚拟机xml文件"><a href="#编辑虚拟机xml文件" class="headerlink" title="编辑虚拟机xml文件"></a>编辑虚拟机xml文件</h3><p>编辑虚拟机对应的xml文件,移除xml文件中其它的USB设备,然后添加下面的部分</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# virsh edit instance-00000096 </span><br><span class="line">...</span><br><span class="line"><span class="tag"><<span class="name">controller</span> <span class="attr">type</span>=<span class="string">'usb'</span> <span class="attr">index</span>=<span class="string">'0'</span> <span class="attr">model</span>=<span class="string">'ich9-ehci1'</span>></span></span><br><span class="line"><span class="tag"></<span class="name">controller</span>></span></span><br><span class="line"><span class="tag"><<span class="name">controller</span> <span class="attr">type</span>=<span class="string">'usb'</span> <span class="attr">index</span>=<span class="string">'0'</span> <span class="attr">model</span>=<span class="string">'ich9-uhci1'</span>></span></span><br><span class="line"><span class="tag"></<span class="name">controller</span>></span></span><br><span class="line"></span><br><span class="line"><span class="tag"><<span class="name">hostdev</span> <span class="attr">mode</span>=<span class="string">'subsystem'</span> <span class="attr">type</span>=<span class="string">'usb'</span> <span class="attr">managed</span>=<span class="string">'yes'</span>></span></span><br><span class="line"> <span class="tag"><<span class="name">source</span>></span></span><br><span class="line"> <span class="tag"><<span class="name">vendor</span> <span class="attr">id</span>=<span class="string">'0x0951'</span>/></span></span><br><span class="line"> <span class="tag"><<span class="name">product</span> <span class="attr">id</span>=<span class="string">'0x1666'</span>/></span></span><br><span class="line"> <span class="tag"></<span class="name">source</span>></span></span><br><span class="line"><span class="tag"></<span class="name">hostdev</span>></span></span><br><span class="line">...</span><br></pre></td></tr></table></figure><h3 id="重启虚拟机"><a href="#重启虚拟机" class="headerlink" title="重启虚拟机"></a>重启虚拟机</h3><p>修改完的虚拟机配置文件要重启后才能生效</p><figure class="highlight clean"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# virsh destroy <span class="keyword">instance</span><span class="number">-00000096</span> && virsh start <span class="keyword">instance</span><span class="number">-00000096</span></span><br></pre></td></tr></table></figure><h3 id="检查虚挂载"><a href="#检查虚挂载" class="headerlink" title="检查虚挂载"></a>检查虚挂载</h3><p>登录到虚拟机后会发现虚拟机自动发现了挂载的u盘设备。</p><p><img src="/assets/img/winusbdev.png" alt=""></p><hr><h3 id="kvm支持的设备类型"><a href="#kvm支持的设备类型" class="headerlink" title="kvm支持的设备类型"></a>kvm支持的设备类型</h3><figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]<span class="comment"># /usr/libexec/qemu-kvm -device help</span></span><br><span class="line">...</span><br><span class="line">USB devices:</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-ehci1"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-ehci2"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci1"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci2"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci3"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci4"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci5"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"ich9-usb-uhci6"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"nec-usb-xhci"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"piix3-usb-uhci"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"piix4-usb-uhci"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"qemu-xhci"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"usb-ehci"</span>, bus PCI</span><br><span class="line"><span class="built_in">name</span> <span class="string">"vt82c686b-usb-uhci"</span>, bus PCI</span><br><span class="line">...</span><br></pre></td></tr></table></figure><h3 id="USB控制器类型:OHCI,UHCI,EHCI,xHCI"><a href="#USB控制器类型:OHCI,UHCI,EHCI,xHCI" class="headerlink" title="USB控制器类型:OHCI,UHCI,EHCI,xHCI"></a>USB控制器类型:OHCI,UHCI,EHCI,xHCI</h3><p>简单地讲,OHCI、UHCI都是USB1.1的接口标准,而EHCI是对应USB2.0的接口标准,最新的xHCI是USB3.0的接口标准。</p><ol><li>OHCI(Open Host Controller Interface)是支持USB1.1的标准,但它不仅仅是针对USB,还支持其他的一些接口,比如它还支持Apple的火线(Firewire,IEEE 1394)接口。与UHCI相比,OHCI的硬件复杂,硬件做的事情更多,所以实现对应的软件驱动的任务,就相对较简单。主要用于非x86的USB,如扩展卡、嵌入式开发板的USB主控。</li><li>UHCI(Universal Host Controller Interface),是Intel主导的对USB1.0、1.1的接口标准,与OHCI不兼容。UHCI的软件驱动的任务重,需要做得比较复杂,但可以使用较便宜、较简单的硬件的USB控制器。Intel和VIA使用UHCI,而其余的硬件提供商使用OHCI。</li><li>EHCI(Enhanced Host Controller Interface),是Intel主导的USB2.0的接口标准。EHCI仅提供USB2.0的高速功能,而依靠UHCI或OHCI来提供对全速(full-speed)或低速(low-speed)设备的支持。</li><li>xHCI(eXtensible Host Controller Interface),是最新最火的USB3.0的接口标准,它在速度、节能、虚拟化等方面都比前面3中有了较大的提高。xHCI支持所有种类速度的USB设备(USB 3.0 SuperSpeed, USB 2.0 Low-, Full-, and High-speed, USB 1.1 Low- and Full-speed)。xHCI的目的是为了替换前面3中(UHCI/OHCI/EHCI)。</li></ol><p><img src="/assets/img/usbcontrol.png" alt=""></p>]]></content>
<summary type="html">
<h3 id="查看本机USB设备"><a href="#查看本机USB设备" class="headerlink" title="查看本机USB设备"></a>查看本机USB设备</h3><figure class="highlight autoit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># yum install -y usbutils</span></span><br><span class="line"></span><br><span class="line">[root<span class="symbol">@controller</span> ~]<span class="meta"># lsusb</span></span><br><span class="line">Bus <span class="number">003</span> Device <span class="number">007</span>: ID <span class="number">0951</span>:<span class="number">1666</span> Kingston Technology DataTraveler <span class="number">100</span> G3/G4/SE9 G2</span><br></pre></td></tr></table></figure>
<h3 id="查看已有虚拟机"><a href="#查看已有虚拟机" class="headerlink" title="查看已有虚拟机"></a>查看已有虚拟机</h3><figure class="highlight asciidoc"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root@controller ~]# virsh list</span><br><span class="line"><span class="code"> Id Name State</span></span><br><span class="line">----------------------------------------------------</span><br><span class="line"><span class="code"> 149 instance-00000096 running</span></span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="Openstack" scheme="http://pystack.org/tags/Openstack/"/>
<category term="usb passthrough" scheme="http://pystack.org/tags/usb-passthrough/"/>
</entry>
<entry>
<title>在ARM平台上编译Virt Viewer</title>
<link href="http://pystack.org/2016/11/14/compile-virt-viewer-on-arm-platform/"/>
<id>http://pystack.org/2016/11/14/compile-virt-viewer-on-arm-platform/</id>
<published>2016-11-14T06:48:35.000Z</published>
<updated>2017-11-16T01:57:48.252Z</updated>
<content type="html"><![CDATA[<h2 id="libusb"><a href="#libusb" class="headerlink" title="libusb"></a>libusb</h2><figure class="highlight gauss"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure --host=arm-linux</span><br><span class="line"><span class="built_in">make</span></span><br><span class="line"><span class="built_in">make</span> install</span><br></pre></td></tr></table></figure><h2 id="usbredir"><a href="#usbredir" class="headerlink" title="usbredir"></a>usbredir</h2><figure class="highlight gauss"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure --host=arm-linux</span><br><span class="line"><span class="built_in">make</span></span><br><span class="line"><span class="built_in">make</span> install</span><br></pre></td></tr></table></figure><h2 id="spice-gtk"><a href="#spice-gtk" class="headerlink" title="spice-gtk"></a>spice-gtk</h2><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure <span class="attribute">--host</span>=arm-linux <span class="attribute">--enable-usbredir</span>=<span class="literal">yes</span> <span class="attribute">--enable-smartcard</span>=<span class="literal">no</span> <span class="attribute">--with-gtk</span>=3.0</span><br><span class="line">make</span><br><span class="line">make install</span><br></pre></td></tr></table></figure><a id="more"></a><h2 id="virt-viewer"><a href="#virt-viewer" class="headerlink" title="virt-viewer"></a>virt-viewer</h2><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">./configure</span> <span class="params">--host=arm-linux</span> <span class="params">--with-gtk=3</span>.0 <span class="params">--with-spice-gtk</span></span><br><span class="line">make</span><br><span class="line">make install</span><br></pre></td></tr></table></figure><h2 id="问题:"><a href="#问题:" class="headerlink" title="问题:"></a>问题:</h2><ul><li>configure: error: cannot run C compiled programs.</li></ul><p>在ARM上编译需要指定host参数</p><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">./configure</span> <span class="params">--host=arm-linux</span></span><br></pre></td></tr></table></figure><ul><li>configure: error: Your intltool is too old. You need intltool 0.40.0 or later</li></ul><p><img src="/assets/img/intltool-too-old.png" alt=""></p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt-<span class="builtin-name">get</span> install intltool</span><br></pre></td></tr></table></figure><ul><li>configure: error: Package requirements (spice-protocol >= 0.12.10) were not met</li></ul><p><img src="/assets/img/spice-protocol-too-old.png" alt=""></p><p>下载最新版的spice-protocol(下载地址:<a href="https://packages.debian.org/search?keywords=spice-protocol&searchon=names&suite=all&section=all" target="_blank" rel="external">https://packages.debian.org/search?keywords=spice-protocol&searchon=names&suite=all&section=all</a>),并更新即可</p><ul><li>configure: error: Package requirements (openssl) were not met:</li></ul><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">apt-<span class="builtin-name">get</span> install openssl</span><br><span class="line">apt-<span class="builtin-name">get</span> install libssl-dev</span><br></pre></td></tr></table></figure><ul><li>configure: error: Package requirements (gtk+-3.0 >= 2.91.3) were not met</li></ul><p>checking for GTK… no<br>configure: error: Package requirements (gtk+-3.0 >= 2.91.3) were not met:</p><p>No package ‘gtk+-3.0’ found</p><p>Consider adjusting the PKG_CONFIG_PATH environment variable if you<br>installed software in a non-standard prefix.</p><figure class="highlight q"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt-<span class="built_in">get</span> install libgtk<span class="number">-3</span>-<span class="built_in">dev</span></span><br></pre></td></tr></table></figure><ul><li>configure: error: libjpeg not found</li></ul><figure class="highlight q"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt-<span class="built_in">get</span> install libjpeg-<span class="built_in">dev</span></span><br></pre></td></tr></table></figure><ul><li>configure: error: Package requirements (celt051 >= 0.5.1.1) were not met</li></ul><p>下载celt051,并编译安装</p><ul><li>configure: error: Package requirements (libxml-2.0 >= 2.6.0) were not met</li></ul><figure class="highlight q"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt-<span class="built_in">get</span> install libxml2-<span class="built_in">dev</span></span><br></pre></td></tr></table></figure><ul><li>configure: error: spice-gtk requested but not found</li></ul><p>spice编译的有问题,ARM 默认使用/bin/sh,使用/bin/bash打包会有问题!!! </p><ul><li>虚拟机 spice://192.168.13.11:5900 的未知图形类型</li></ul><p>这个是因为 ARM 版本 virt-viewer 默认只支持VNC的虚拟机,需要重新编译安装virt-viewer</p>]]></content>
<summary type="html">
<h2 id="libusb"><a href="#libusb" class="headerlink" title="libusb"></a>libusb</h2><figure class="highlight gauss"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure --host=arm-linux</span><br><span class="line"><span class="built_in">make</span></span><br><span class="line"><span class="built_in">make</span> install</span><br></pre></td></tr></table></figure>
<h2 id="usbredir"><a href="#usbredir" class="headerlink" title="usbredir"></a>usbredir</h2><figure class="highlight gauss"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure --host=arm-linux</span><br><span class="line"><span class="built_in">make</span></span><br><span class="line"><span class="built_in">make</span> install</span><br></pre></td></tr></table></figure>
<h2 id="spice-gtk"><a href="#spice-gtk" class="headerlink" title="spice-gtk"></a>spice-gtk</h2><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">./configure <span class="attribute">--host</span>=arm-linux <span class="attribute">--enable-usbredir</span>=<span class="literal">yes</span> <span class="attribute">--enable-smartcard</span>=<span class="literal">no</span> <span class="attribute">--with-gtk</span>=3.0</span><br><span class="line">make</span><br><span class="line">make install</span><br></pre></td></tr></table></figure>
</summary>
<category term="Spice" scheme="http://pystack.org/categories/Spice/"/>
<category term="Spice" scheme="http://pystack.org/tags/Spice/"/>
<category term="Virt-viewer" scheme="http://pystack.org/tags/Virt-viewer/"/>
<category term="ARM" scheme="http://pystack.org/tags/ARM/"/>
<category term="Linux" scheme="http://pystack.org/tags/Linux/"/>
</entry>
<entry>
<title>使用MinGW编译Virt-Viewer</title>
<link href="http://pystack.org/2016/11/13/compile-virt-viewer-with-mingw/"/>
<id>http://pystack.org/2016/11/13/compile-virt-viewer-with-mingw/</id>
<published>2016-11-13T06:48:35.000Z</published>
<updated>2017-11-16T02:14:41.542Z</updated>
<content type="html"><![CDATA[<h3 id="Mingw简介"><a href="#Mingw简介" class="headerlink" title="Mingw简介"></a>Mingw简介</h3><p>MinGW是Minimalist GUN for Windows的缩写。MinGW提供了一套开发环境,用来开发Microsoft windows本地应用。</p><p>MinGW提供了一套完全开源的编程工具集,不需要依赖于第三方的C运行DLL,就可以开发Windows本地应用。当然MinGW还是依赖于microsoft提供的几个操作系统DLL,比如MSVCRT.DLL。</p><p>MinGW 编译器提供了对Microsoft C Runtime的以及一些语言特定runtimes的访问。MinGW的Minimalist,就体现在这里,MinGW没有尝试提供一个POSIX runtime 环境。</p><h3 id="安装Mingw编译环境"><a href="#安装Mingw编译环境" class="headerlink" title="安装Mingw编译环境"></a>安装Mingw编译环境</h3><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install </span>mingw* libtool* auto-<span class="keyword">buildrequires </span>intltool glib2-devel icoutils msitools</span><br></pre></td></tr></table></figure><a id="more"></a><h3 id="编译安装usbredir"><a href="#编译安装usbredir" class="headerlink" title="编译安装usbredir"></a>编译安装usbredir</h3><figure class="highlight cmake"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install</span> libusb*</span><br><span class="line"></span><br><span class="line">mingw64-configure</span><br><span class="line">mingw64-make</span><br><span class="line">mingw64-make <span class="keyword">install</span></span><br></pre></td></tr></table></figure><h3 id="编译安装spice-gtk"><a href="#编译安装spice-gtk" class="headerlink" title="编译安装spice-gtk"></a>编译安装spice-gtk</h3><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install</span> pixman*</span><br><span class="line">yum <span class="keyword">install</span> openssl*</span><br><span class="line">yum <span class="keyword">install</span> gtk2-devel</span><br><span class="line">yum <span class="keyword">install</span> pulseaudio</span><br><span class="line">yum <span class="keyword">install</span> pulseaudio-devel</span><br><span class="line">yum <span class="keyword">install</span> pulseaudio-libs-devel</span><br><span class="line">yum <span class="keyword">install</span> libjpeg*</span><br><span class="line">yum <span class="keyword">install</span> libusb*</span><br><span class="line">yum <span class="keyword">install</span> usbredir*</span><br><span class="line">yum <span class="keyword">install</span> *gudev*</span><br><span class="line"></span><br><span class="line">mingw64-configure <span class="comment">--enable-usbredir=yes --enable-smartcard=no --with-gtk=3.0</span></span><br><span class="line">mingw64-make</span><br><span class="line">mingw64-make <span class="keyword">install</span></span><br></pre></td></tr></table></figure><h3 id="Virt-Viewer汉化"><a href="#Virt-Viewer汉化" class="headerlink" title="Virt-Viewer汉化"></a>Virt-Viewer汉化</h3><p>virtviewer使用的是gettex的方案是标准的linux里国际化的方案,只要在代码里设置好正确的locale,绑定好正确的textdomain就可以了。<br>对应的汉化文件为po/zh_CN.po,需要修改翻译内容,修改这个文件即可。</p><p>修改源码中virt-viewer-util.c文件的方法virt_viewer_util_init</p><figure class="highlight lisp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">setlocale(<span class="name">LC_ALL</span>, <span class="string">"zh_CN"</span>)<span class="comment">;</span></span><br></pre></td></tr></table></figure><p>因为为windows系统,还需要修改国际化文件所在的目录(默认为Linux的/usr/share/locale)</p><figure class="highlight lisp"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">bindtextdomain(<span class="name">GETTEXT_PACKAGE</span>, <span class="string">"../share/locale/"</span>)<span class="comment">;</span></span><br></pre></td></tr></table></figure><p>这样即可完成对virt-viewer的汉化</p><h3 id="编译安装Virt-viewer"><a href="#编译安装Virt-viewer" class="headerlink" title="编译安装Virt-viewer"></a>编译安装Virt-viewer</h3><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install</span> libxml*</span><br><span class="line">yum <span class="keyword">install</span> spice-gtk*</span><br><span class="line"></span><br><span class="line">mingw64-configure <span class="comment">--with-gtk=3.0 --with-spice-gtk</span></span><br><span class="line">mingw64-make</span><br><span class="line">mingw64-make <span class="keyword">install</span></span><br></pre></td></tr></table></figure><h3 id="遇到的问题"><a href="#遇到的问题" class="headerlink" title="遇到的问题"></a>遇到的问题</h3><ul><li>glib-genmashal: command not found</li></ul><p><img src="images/glit-genmashal-not-found.png" alt="glit-genmashal not found"></p><p>这是因为缺少glib2-devel,yum安装一下就可以了</p><figure class="highlight cmake"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install</span> glib2-devel</span><br></pre></td></tr></table></figure><ul><li>Failed to create service named pipe</li></ul><p><img src="images/failed-to-create-pipe-service.png" alt="failed to create pipe service"></p><p>这是因为usbdk没有安装,到官网下载最新的usbdk安装即可,要注意的是windows7 64位系统,需要安装 <strong>Windows6.1-KB3033929-x64.msu</strong> 更新,否则会导致usb键盘鼠标都不能用!!!</p><p>USBDK下载地址:<a href="http://www.spice-space.org/download/windows/UsbDk/" target="_blank" rel="external">http://www.spice-space.org/download/windows/UsbDk/</a></p><ul><li>提示mingw-spice-protocal 版本太低</li></ul><p>只要下载新版本的mingw-spice-protocal更新一下就可以了</p><p>mingw-spice-protocol-0.12.11下载地址:<a href="http://koji.fedoraproject.org/koji/buildinfo?buildID=744124" target="_blank" rel="external">http://koji.fedoraproject.org/koji/buildinfo?buildID=744124</a></p><ul><li>Virt-Viewer菜单定制</li></ul><p>修改share\virt-viewer\ui\virt-viewer.xml文件,删除child,即可删除对应的菜单项</p><ul><li>修改标题栏</li></ul><p>修改 src\remote_viewer_main.c 文件,将 Remote Viewer改为其他字符串即可。</p><p>### 参考</p><blockquote><p><a href="http://blog.sina.com.cn/s/blog_7a9cc5930102wb7k.html" target="_blank" rel="external">http://blog.sina.com.cn/s/blog_7a9cc5930102wb7k.html</a><br><a href="http://www.isjian.com/2015/08/spice-kvm-usbredir-qxl-2/" target="_blank" rel="external">http://www.isjian.com/2015/08/spice-kvm-usbredir-qxl-2/</a></p></blockquote>]]></content>
<summary type="html">
<h3 id="Mingw简介"><a href="#Mingw简介" class="headerlink" title="Mingw简介"></a>Mingw简介</h3><p>MinGW是Minimalist GUN for Windows的缩写。MinGW提供了一套开发环境,用来开发Microsoft windows本地应用。</p>
<p>MinGW提供了一套完全开源的编程工具集,不需要依赖于第三方的C运行DLL,就可以开发Windows本地应用。当然MinGW还是依赖于microsoft提供的几个操作系统DLL,比如MSVCRT.DLL。</p>
<p>MinGW 编译器提供了对Microsoft C Runtime的以及一些语言特定runtimes的访问。MinGW的Minimalist,就体现在这里,MinGW没有尝试提供一个POSIX runtime 环境。</p>
<h3 id="安装Mingw编译环境"><a href="#安装Mingw编译环境" class="headerlink" title="安装Mingw编译环境"></a>安装Mingw编译环境</h3><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum <span class="keyword">install </span>mingw* libtool* auto-<span class="keyword">buildrequires </span>intltool glib2-devel icoutils msitools</span><br></pre></td></tr></table></figure>
</summary>
<category term="Spice" scheme="http://pystack.org/categories/Spice/"/>
<category term="Spice" scheme="http://pystack.org/tags/Spice/"/>
<category term="Virt-viewer" scheme="http://pystack.org/tags/Virt-viewer/"/>
<category term="Linux" scheme="http://pystack.org/tags/Linux/"/>
<category term="MinGW" scheme="http://pystack.org/tags/MinGW/"/>
</entry>
<entry>
<title>Cloud Init notes</title>
<link href="http://pystack.org/2016/06/14/cloud-init-notes/"/>
<id>http://pystack.org/2016/06/14/cloud-init-notes/</id>
<published>2016-06-14T03:39:24.000Z</published>
<updated>2018-05-18T07:12:00.696Z</updated>
<content type="html"><![CDATA[<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>User configurability Cloud-init ‘s behavior can be configured via user-data.</p><p>User-data can be given by the user at instance launch time.This is done via the –user-data or –user-data-file argument to ec2-run-instances for example.</p><h2 id="使用"><a href="#使用" class="headerlink" title="使用"></a>使用</h2><p>cloud init 使用的前提是镜像中已经安装了cloud-init 包,如果使用python代码(三个双引号)动态生成 user-data,需要注意的是行前一定不要留有空格,否则脚本不能执行!</p><h3 id="执行shell脚本"><a href="#执行shell脚本" class="headerlink" title="执行shell脚本"></a>执行shell脚本</h3><p>Begins with: #! or Content-Type: text/x-shellscript when using a MIME archive.</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">$</span><span class="bash"> cat myscript.sh</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/sh</span></span><br><span class="line">echo "Hello World. The time is now $(date -R)!" | tee /root/output.txt</span><br></pre></td></tr></table></figure><a id="more"></a><p>修改ubuntu的默认密码,并开启ssh密码登录</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash">!/bin/sh</span></span><br><span class="line">passwd root<<EOF</span><br><span class="line"><span class="meta">ycxx123#</span><span class="bash"></span></span><br><span class="line"><span class="meta">ycxx123#</span><span class="bash"></span></span><br><span class="line">EOF</span><br><span class="line">sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config</span><br><span class="line">service ssh restart</span><br></pre></td></tr></table></figure><h3 id="执行cloud-config配置"><a href="#执行cloud-config配置" class="headerlink" title="执行cloud-config配置"></a>执行cloud-config配置</h3><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#cloud-config</span></span><br><span class="line"><span class="attr">ssh_pwauth:</span> <span class="literal">true</span></span><br><span class="line"><span class="attr">disable_root:</span> <span class="number">0</span></span><br><span class="line"><span class="attr">user:</span> <span class="string">root</span></span><br><span class="line"><span class="attr">password:</span> <span class="number">123456</span></span><br><span class="line"><span class="attr">chpasswd:</span></span><br><span class="line"><span class="attr"> expire:</span> <span class="literal">false</span></span><br></pre></td></tr></table></figure><blockquote><p>首先, 这个文件把一般云主机里面的 ssh 密码认证打开, 默认关闭的<br>然后, 通过 disable_root 允许 root 认证, 默认关闭<br>将 root 的密码设置为 abc123<br>如果不设置 chpasswd 的 expire 为 false, 那么登陆的时候会提示马上修改密码才能进去</p></blockquote><h3 id="同时传递多种格式-多个文件的-user-data"><a href="#同时传递多种格式-多个文件的-user-data" class="headerlink" title="同时传递多种格式/多个文件的 user-data"></a>同时传递多种格式/多个文件的 user-data</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br></pre></td><td class="code"><pre><span class="line">Content-Type: multipart/mixed; boundary="===============2197920354430400835=="</span><br><span class="line">MIME-Version: 1.0</span><br><span class="line"></span><br><span class="line">--===============2197920354430400835==</span><br><span class="line">Content-Type: text/cloud-config; charset="us-ascii"</span><br><span class="line">MIME-Version: 1.0</span><br><span class="line">Content-Transfer-Encoding: 7bit</span><br><span class="line">Content-Disposition: attachment; filename="cloudconfig.txt"</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash">cloud-config</span></span><br><span class="line">runcmd:</span><br><span class="line"> - touch /root/cloudconfig</span><br><span class="line"> - source: "ppa:smoser/ppa"</span><br><span class="line"></span><br><span class="line">--===============2197920354430400835==</span><br><span class="line">Content-Type: text/x-include-url; charset="us-ascii"</span><br><span class="line">MIME-Version: 1.0</span><br><span class="line">Content-Transfer-Encoding: 7bit</span><br><span class="line">Content-Disposition: attachment; filename="includefile.txt"</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> these urls will be <span class="built_in">read</span> pulled <span class="keyword">in</span> <span class="keyword">if</span> they were part of user-data</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> comments are allowed. The format is one url per line</span></span><br><span class="line">http://www.ubuntu.com/robots.txt</span><br><span class="line"></span><br><span class="line">--===============2197920354430400835==</span><br><span class="line">Content-Type: text/cloud-boothook; charset="us-ascii"</span><br><span class="line">MIME-Version: 1.0</span><br><span class="line">Content-Transfer-Encoding: 7bit</span><br><span class="line">Content-Disposition: attachment; filename="boothook.txt"</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/sh</span></span><br><span class="line">echo "Hello World!"</span><br><span class="line"></span><br><span class="line">--===============2197920354430400835==</span><br><span class="line">Content-Type: text/x-shellscript; charset="us-ascii"</span><br><span class="line">MIME-Version: 1.0</span><br><span class="line">Content-Transfer-Encoding: 7bit</span><br><span class="line">Content-Disposition: attachment; filename="userscript.txt"</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash">!/usr/bin/perl</span></span><br><span class="line">print "This is a user script (rc.local)\n"</span><br><span class="line"></span><br><span class="line">--===============2197920354430400835==--</span><br></pre></td></tr></table></figure><p>C:/Program Files/Cloudbase Solutions/Vloudbase-Init/Python/Lib/site-packages/cloudbaseinit/conf/default.py</p><h3 id="无法获取控制台日志"><a href="#无法获取控制台日志" class="headerlink" title="无法获取控制台日志"></a>无法获取控制台日志</h3><p>如果无法获取到云主机日志,则需要修改grub文件配置</p><ul><li>ubuntu </li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> vim /etc/default/grub</span></span><br><span class="line">GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200"</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> update-grub <span class="comment">#ubuntu</span></span></span><br></pre></td></tr></table></figure><ul><li>centos</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> vi /boot/grub2/grub.cfg</span></span><br><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># append "console=tty0 console=ttyS0,115200" to "CentOS ... (Core)" line</span></span></span><br></pre></td></tr></table></figure><h3 id="修改云主机domain"><a href="#修改云主机domain" class="headerlink" title="修改云主机domain"></a>修改云主机domain</h3><p>默认虚拟机的domain是novadomain,如果要自定义domain名称,需要修改nova的配置文件</p><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> vi /etc/nova/nova.conf</span></span><br><span class="line">dhcp_domain=testdomain</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash"> systemctl restart openstack-nova-api.service</span></span><br></pre></td></tr></table></figure><h3 id="再次执行userdata"><a href="#再次执行userdata" class="headerlink" title="再次执行userdata"></a>再次执行userdata</h3><p>We can however fool cloud-init by letting it think the machine did a fresh first boot. We need to remove the following two files:</p><p>/var/lib/cloud/instances/$UUID/boot-finished<br>/var/lib/cloud/instances/$UUID/sem/config_scripts_user</p><p>Execute the following command to run the cloud-init final module again:</p><p>cloud-init modules –mode final<br>The final module will execute our user_data script again. Before every new test run you need to remove the two files listed above.</p><h2 id="User-and-Group-Management"><a href="#User-and-Group-Management" class="headerlink" title="User and Group Management"></a>User and Group Management</h2><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">users:</span><br><span class="line"> -<span class="ruby"> first_user_parameter</span></span><br><span class="line"><span class="ruby"> first_user_parameter</span></span><br><span class="line"><span class="ruby"></span></span><br><span class="line"><span class="ruby"> - second_user_parameter</span></span><br><span class="line"><span class="ruby"> second_user_parameter</span></span><br><span class="line"><span class="ruby"> second_user_parameter</span></span><br></pre></td></tr></table></figure><p>The following keys are available for definition:</p><p>name: The account username.<br>primary-group: The primary group of the user. By default, this will be a group created that matches the username. Any group specified here must already exist or must be created explicitly (we discuss this later in this section).<br>groups: Any supplementary groups can be listed here, separated by commas.<br>gecos: A field for supplementary info about the user.<br>shell: The shell that should be set for the user. If you do not set this, the very basic sh shell will be used.<br>expiredate: The date that the account should expire, in YYYY-MM-DD format.<br>sudo: The sudo string to use if you would like to define sudo privileges, without the username field.<br>lock-passwd: This is set to “True” by default. Set this to “False” to allow users to log in with a password.<br>passwd: A hashed password for the account.<br>ssh-authorized-keys: A list of complete SSH public keys that should be added to this user’s authorized_keys file in their .ssh directory.<br>inactive: A boolean value that will set the account to inactive.<br>system: If “True”, this account will be a system account with no home directory.<br>homedir: Used to override the default /home/<username>, which is otherwise created and set.<br>ssh-import-id: The SSH ID to import from LaunchPad.<br>selinux-user: This can be used to set the SELinux user that should be used for this account’s login.<br>no-create-home: Set to “True” to avoid creating a /home/<username> directory for the user.<br>no-user-group: Set to “True” to avoid creating a group with the same name as the user.<br>no-log-init: Set to “True” to not initiate the user login databases.</username></username></p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">groups:</span><br><span class="line"> -<span class="ruby"> group1</span></span><br><span class="line"><span class="ruby"> - <span class="symbol">group2:</span> [user1, user2]</span></span><br></pre></td></tr></table></figure><h2 id="Change-Passwords-for-Existing-Users"><a href="#Change-Passwords-for-Existing-Users" class="headerlink" title="Change Passwords for Existing Users"></a>Change Passwords for Existing Users</h2><p>For user accounts that already exist (the root account is the most pertinent), a password can be suppled by using the chpasswd directive.</p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#cloud-config</span></span><br><span class="line"><span class="attr">chpasswd:</span></span><br><span class="line"><span class="attr"> list:</span> <span class="string">|</span></span><br><span class="line"><span class="string"></span><span class="attr"> user1:</span><span class="string">password1</span></span><br><span class="line"><span class="attr"> user2:</span><span class="string">password2</span></span><br><span class="line"><span class="attr"> user3:</span><span class="string">password3</span></span><br><span class="line"><span class="attr"> expire:</span> <span class="literal">False</span></span><br></pre></td></tr></table></figure><p>One thing to note is that you can set a password to “RANDOM” or “R”, which will generate a random password and write it to /var/log/cloud-init-output.log. </p><h2 id="Write-Files-to-the-Disk"><a href="#Write-Files-to-the-Disk" class="headerlink" title="Write Files to the Disk"></a>Write Files to the Disk</h2><p>In order to write files to the disk, you should use the write_files directive.</p><p>The only required keys in this array are path, which defines where to write the file, and content, which contains the data you would like the file to contain.</p><p>The available keys for configuring a write_files item are:</p><p>path: The absolute path to the location on the filesystem where the file should be written.</p><p>content: The content that should be placed in the file. For multi-line input, you should start a block by using a pipe character (|) on the “content” line, followed by an indented block containing the content. Binary files should include “!!binary” and a space prior to the pipe character.</p><p>owner: The user account and group that should be given ownership of the file. These should be given in the “username:group” format.</p><p>permissions: The octal permissions set that should be given for this file.</p><p>encoding: An optional encoding specification for the file. This can be “b64” for Base64 files, “gzip” for Gzip compressed files, or “gz+b64” for a combination. Leaving this out will use the default, conventional file type.</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">write_files:</span><br><span class="line"> - path: /test.txt</span><br><span class="line"> <span class="attribute">content</span>: |</span><br><span class="line"> Here is <span class="selector-tag">a</span> line.</span><br><span class="line"> Another line is here.</span><br></pre></td></tr></table></figure><h2 id="Update-or-Install-Packages-on-the-Server"><a href="#Update-or-Install-Packages-on-the-Server" class="headerlink" title="Update or Install Packages on the Server"></a>Update or Install Packages on the Server</h2><p>To update the apt database on Debian-based distributions, you should set the package_update directive to “true”. This is synonymous with calling apt-get update from the command line.</p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#cloud-config</span></span><br><span class="line"><span class="attr">package_update:</span> <span class="literal">false</span></span><br></pre></td></tr></table></figure><p>If you wish to upgrade all of the packages on your server after it boots up for the first time, you can set the package_upgrade directive. This is akin to a apt-get upgrade executed manually.</p><figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#cloud-config</span></span><br><span class="line"><span class="attr">package_upgrade:</span> <span class="literal">true</span></span><br></pre></td></tr></table></figure><p>To install additional packages, you can simply list the package names using the “packages” directive. Each list item should represent a package. Unlike the two commands above, this directive will function with either yum or apt managed distros.</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">packages:</span><br><span class="line"> -<span class="ruby"> package_1</span></span><br><span class="line"><span class="ruby"> - package_2</span></span><br><span class="line"><span class="ruby"> - [package_3, version_num]</span></span><br></pre></td></tr></table></figure><p>The “packages” directive will set apt_update to true, overriding any previous setting.</p><h2 id="Configure-SSH-Keys-for-User-Accounts"><a href="#Configure-SSH-Keys-for-User-Accounts" class="headerlink" title="Configure SSH Keys for User Accounts"></a>Configure SSH Keys for User Accounts</h2><p>You can manage SSH keys in the users directive, but you can also specify them in a dedicated ssh_authorized_keys section. These will be added to the first defined user’s authorized_keys file.</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">ssh_authorized_keys:</span><br><span class="line"> -<span class="ruby"> ssh_key_1</span></span><br><span class="line"><span class="ruby"> - ssh_key_2</span></span><br></pre></td></tr></table></figure><p>You can also generate the SSH server’s private keys ahead of time and place them on the filesystem. This can be useful if you want to give your clients the information about this server beforehand, allowing it to trust the server as soon as it comes online.</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">ssh_keys:</span><br><span class="line"> rsa_private: |</span><br><span class="line"> -<span class="ruby">----<span class="keyword">BEGIN</span> RSA PRIVATE KEY-----</span></span><br><span class="line"><span class="ruby"> your_rsa_private_key</span></span><br><span class="line"><span class="ruby"> -----<span class="keyword">END</span> RSA PRIVATE KEY-----</span></span><br><span class="line"><span class="ruby"></span></span><br><span class="line"><span class="ruby"> <span class="symbol">rsa_public:</span> your_rsa_public_key</span></span><br></pre></td></tr></table></figure><h2 id="Configure-resolv-conf-to-Use-Specific-DNS-Servers"><a href="#Configure-resolv-conf-to-Use-Specific-DNS-Servers" class="headerlink" title="Configure resolv.conf to Use Specific DNS Servers"></a>Configure resolv.conf to Use Specific DNS Servers</h2><p>If you have configured your own DNS servers that you wish to use, you can manage your server’s resolv.conf file by using the resolv_conf directive. This currently only works for RHEL-based distributions.</p><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">manage-resolv-conf: true</span><br><span class="line">resolv_conf:</span><br><span class="line"> nameservers:</span><br><span class="line"> - <span class="string">'first_nameserver'</span></span><br><span class="line"> - <span class="string">'second_nameserver'</span></span><br><span class="line"> searchdomains:</span><br><span class="line"> - first<span class="selector-class">.domain</span><span class="selector-class">.com</span></span><br><span class="line"> - second<span class="selector-class">.domain</span><span class="selector-class">.com</span></span><br><span class="line"> domain: domain.com</span><br><span class="line"> options:</span><br><span class="line"> option1: value1</span><br><span class="line"> option2: value2</span><br><span class="line"> option3: value3</span><br></pre></td></tr></table></figure><p>If you are using the resolv_conf directive, you must ensure that the manage-resolv-conf directive is also set to true. Not doing so will cause your settings to be ignored</p><h2 id="Run-Arbitrary-Commands-for-More-Control"><a href="#Run-Arbitrary-Commands-for-More-Control" class="headerlink" title="Run Arbitrary Commands for More Control"></a>Run Arbitrary Commands for More Control</h2><p>If none of the managed actions that cloud-config provides works for what you want to do, you can also run arbitrary commands. You can do this with the runcmd directive.</p><p>Any output will be written to standard out and to the /var/log/cloud-init-output.log file:</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">runcmd:</span><br><span class="line"> -<span class="ruby"> [ sed, -i, -e, <span class="string">'s/here/there/g'</span>, some_file]</span></span><br><span class="line"><span class="ruby"> - echo <span class="string">"modified some_file"</span></span></span><br><span class="line"><span class="ruby"> - [cat, some_file]</span></span><br></pre></td></tr></table></figure><h2 id="Shutdown-or-Reboot-the-Server"><a href="#Shutdown-or-Reboot-the-Server" class="headerlink" title="Shutdown or Reboot the Server"></a>Shutdown or Reboot the Server</h2><p>In some cases, you’ll want to shutdown or reboot your server after executing the other items. You can do this by setting up the power_state directive.</p><figure class="highlight dts"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#cloud-config</span></span><br><span class="line"><span class="symbol">power_state:</span></span><br><span class="line"><span class="symbol"> timeout:</span> <span class="number">120</span></span><br><span class="line"><span class="symbol"> delay:</span> <span class="string">"+5"</span></span><br><span class="line"><span class="symbol"> message:</span> Rebooting in five minutes. Please save your work.</span><br><span class="line"><span class="symbol"> mode:</span> reboot</span><br></pre></td></tr></table></figure><h1 id="Example"><a href="#Example" class="headerlink" title="Example:"></a>Example:</h1><p>Our adjusted strategy will look something like this:</p><p>Set no password and provide no SSH keys for the root account through cloud-config (any SSH keys added though the DigitalOcean interface will still be added as usual)<br>Create a new user<br>Set no password for the new user account<br>Set up SSH access for the new user account<br>Give the new user password-less sudo privileges to make administrative changes.<br>(Optional) Change the port the SSH daemon listens on<br>(Optional) Restrict root SSH login (especially if you do not include SSH keys through the DigitalOcean interface)<br>(Optional) Explicitly permit our new user</p><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">#cloud-config</span><br><span class="line">users:</span><br><span class="line"> -<span class="ruby"> <span class="symbol">name:</span> demo</span></span><br><span class="line"><span class="ruby"> ssh-authorized-<span class="symbol">keys:</span></span></span><br><span class="line"><span class="ruby"> - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv60WjxoM39LgPDbiW7ne3gu18q0NIVv0RE6rDLNal1quXZ3nqAlANpl5qmhDQ+GS/sOtygSG4/<span class="number">9</span>aiOA4vXO54k1mHWL2irjuB9XbXr0<span class="number">0</span>+<span class="number">44</span>vSd2q/vtXdGXhdSMTf4/XK17fjKSG/<span class="number">9</span>y3yD6nml6q9XgQxx9Vf/IkaKdlK0hbC1ds<span class="number">0</span>+<span class="number">8</span>h83PTb9dF3L7hf3Ch/ghvj5++tWJFdFeG+VI7EDuKNA4zL8C5FdYYWFA88YAmM8ndjA5qCjZXIIeZvZ/z9Kpy6DL0QZ8T3NsxRKapEU3nyiIuEAmn8fbnosWcsovw0IS1Hz6HsjYo4bu/gA82LWt3sdRUBZ/<span class="number">7</span>ZsVD3ELip [email protected]</span></span><br><span class="line"><span class="ruby"> <span class="symbol">sudo:</span> [<span class="string">'ALL=(ALL) NOPASSWD:ALL'</span>]</span></span><br><span class="line"><span class="ruby"> <span class="symbol">groups:</span> sudo</span></span><br><span class="line"><span class="ruby"> <span class="symbol">shell:</span> /bin/bash</span></span><br><span class="line"><span class="ruby"><span class="symbol">runcmd:</span></span></span><br><span class="line"><span class="ruby"> - sed -i -e <span class="string">'/^Port/s/^.*$/Port 4444/'</span> /etc/ssh/sshd_config</span></span><br><span class="line"><span class="ruby"> - sed -i -e <span class="string">'/^PermitRootLogin/s/^.*$/PermitRootLogin no/'</span> /etc/ssh/sshd_config</span></span><br><span class="line"><span class="ruby"> - sed -i -e <span class="string">'$aAllowUsers demo'</span> /etc/ssh/sshd_config</span></span><br><span class="line"><span class="ruby"> - restart ssh</span></span><br></pre></td></tr></table></figure><figure class="highlight clean"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line"></span><br><span class="line">########定制用户初始密码</span><br><span class="line"></span><br><span class="line">#cloud-config</span><br><span class="line">chpasswd:</span><br><span class="line"> list: |</span><br><span class="line"> root:<span class="number">123456</span></span><br><span class="line"> ubuntu:<span class="number">123456</span></span><br><span class="line"> expire: false</span><br><span class="line">ssh_pwauth: true # [ <span class="literal">True</span>, <span class="literal">False</span>, <span class="string">""</span> or <span class="string">"unchanged"</span> ]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">########安装软件</span><br><span class="line"># 一个办法是部署完后手动安装,另一个办法是通过 package-update-upgrade-install 模块让 cloud-init 自动为我们安装。</span><br><span class="line"></span><br><span class="line">#cloud-config</span><br><span class="line">apt:</span><br><span class="line"> primary:</span><br><span class="line"> - arches: [default]</span><br><span class="line"> search:</span><br><span class="line"> - http:<span class="comment">//1.2.3.4 </span></span><br><span class="line"></span><br><span class="line">packages:</span><br><span class="line">- pwgen</span><br><span class="line">- pastebinit</span><br><span class="line">- [libpython2<span class="number">.7</span>, <span class="number">2.7</span><span class="number">.3</span><span class="number">-0</span>ubuntu3<span class="number">.1</span>]</span><br><span class="line"></span><br><span class="line">说明如下:</span><br><span class="line">apt 指定安装源的位置,这里为 http:<span class="comment">//1.2.3.4 。如果是 yum 源则用 yum_repos 模块指定,具体用法可参看官网文档。</span></span><br><span class="line">packages 指定需要安装的软件包,还可以指定具体版本。</span><br><span class="line"><span class="keyword">instance</span> 启动后可看到 /etc/apt/sources.list 中安装源已经更新为http:<span class="comment">//1.2.3.4。</span></span><br></pre></td></tr></table></figure><h1 id="Cloud-Base-init"><a href="#Cloud-Base-init" class="headerlink" title="Cloud Base init"></a>Cloud Base init</h1><p>cloudbase-init </p><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#ps1_sysnative or rem cmd</span></span><br><span class="line">net<span class="built_in"> user </span>{username} <span class="string">"{password}"</span> /<span class="builtin-name">add</span> /y</span><br><span class="line">net localgroup Administrators <span class="string">"{username}"</span> /<span class="builtin-name">add</span> /y</span><br><span class="line">net localgroup <span class="string">"Remote Desktop Users"</span> <span class="string">"{username}"</span> /<span class="builtin-name">add</span> /y</span><br><span class="line">net<span class="built_in"> user </span>{username} <span class="string">"{password}"</span></span><br></pre></td></tr></table></figure><h3 id="Adding-cloudbase-init-to-Windows-images"><a href="#Adding-cloudbase-init-to-Windows-images" class="headerlink" title="Adding cloudbase-init to Windows images"></a>Adding cloudbase-init to Windows images</h3><p>If you want to deploy Windows images, use the latest version of the cloudbase-init tool while creating the Windows image to support the OpenStack updates related to the network interface management of Windows images.</p><p>After the cloudbase-init installation, do not select the option to run sysprep.exe in the Finish page.</p><p>When you create the network, set the dns-nameservers and gateway parameters.</p><p>To speed up the IP address injection, when you create the image template, specify the metadata_services parameter in the cloudbase-init.conf file:<br>metadata_services= cloudbaseinit.metadata.services.configdrive.ConfigDriveService,<br> cloudbaseinit.metadata.services.httpservice.HttpService,<br> cloudbaseinit.metadata.services.ec2service.EC2Service,<br> cloudbaseinit.metadata.services.maasservice.MaaSHttpService</p><p>If you get the OS can not be restarted automatically message after changing the host name, use the latest cloudbase-init version.</p><p>You can configure cloudbase-init to set the password for a user. The user name is configured at image preparation time and cannot be modified at virtual machine creation time. You can specify a user name during cloudbase-init installation or in the cloudbase-init.conf file. If the user does not exist, a new user account is created at virtual machine initialization time. If there are multiple Windows users at image preparation time, at virtual machine initialization time the password is changed only for the user specified in the cloudbase-init configuration. The passwords for other users are not changed.</p><p>If cloudbase-init cannot run scripts during an instance boot, set the PowerShell execution policy to be unrestricted:</p><figure class="highlight mathematica"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">C</span>:\powershell</span><br><span class="line">PS <span class="keyword">C</span>:\<span class="keyword">Set</span>-ExecutionPolicy Unrestricted</span><br></pre></td></tr></table></figure><h3 id="OpenStack-Networking-without-DHCP"><a href="#OpenStack-Networking-without-DHCP" class="headerlink" title="OpenStack Networking without DHCP"></a>OpenStack Networking without DHCP</h3><p>In an OpenStack environment, cloud-init generally fetches information from the metadata service provided by Nova. It also has support for reading this information from a configuration drive, which under OpenStack means a virtual CD-ROM device attached to your instance containing the same information that would normally be available via the metadata service.</p><p>It is possible to generate your network configuration from this configuration drive, rather than relying on the DHCP server provided by your OpenStack environment. In order to do this you will need to make the following changes to your Nova configuration:</p><ol><li><p>You must be using a subnet that does have a DHCP server. This means that you have created it using neutron subnet-create –disable-dhcp …, or that you disabled DHCP on an existing network using neutron net-update –disable-dhcp ….</p></li><li><p>You must set flat_inject to true in /etc/nova/nova.conf. This causes Nova to embed network configuration information in the meta-data embedded on the configuration drive.</p></li><li><p>You must ensure that injected_network_template in /etc/nova/nova.conf points to an appropriately formatted template.</p></li></ol><p>A template similar to the following ought to be sufficient:</p><figure class="highlight capnproto"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">{% for <span class="class"><span class="keyword">interface</span> <span class="title">in</span> interfaces %}</span></span><br><span class="line"><span class="class">auto </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">name</span> }}</span></span><br><span class="line"><span class="class">iface </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">name</span> }} inet static</span></span><br><span class="line"><span class="class"> address </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">address</span> }}</span></span><br><span class="line"><span class="class"> netmask </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">netmask</span> }}</span></span><br><span class="line"><span class="class"> broadcast </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">broadcast</span> }}</span></span><br><span class="line"><span class="class"> gateway </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">gateway</span> }}</span></span><br><span class="line"><span class="class"> dns-nameservers </span>{{ <span class="class"><span class="keyword">interface</span>.<span class="title">dns</span> }}</span></span><br><span class="line"><span class="class"></span>{% endfor %}</span><br></pre></td></tr></table></figure><p>This will directly populate /etc/network/interfaces on an Ubuntu system, or will get translated into /etc/sysconfig/network-scripts/ifcfg-eth0 on a RHEL system (a RHEL environment can only configure a single network interface using this mechanism).</p><h2 id="Datasource"><a href="#Datasource" class="headerlink" title="Datasource"></a>Datasource</h2><p>尽量不要直接使用官方的源 , 而是自己制作 , 尤其是 cloud-init 的配置项 , 要手动修改掉其默认的数据源 。</p><figure class="highlight groovy"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">datasource_list:</span> [<span class="string">'ConfigDrive'</span>, <span class="string">'OpenStack'</span>, <span class="string">'Ec2'</span>]</span><br></pre></td></tr></table></figure><h3 id="Config-Drive-Version-2"><a href="#Config-Drive-Version-2" class="headerlink" title="Config Drive Version 2"></a>Config Drive Version 2</h3><figure class="highlight haml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">openstack/</span><br><span class="line"> -<span class="ruby"> <span class="number">2012</span>-08-<span class="number">10</span>/ <span class="keyword">or</span> latest/</span></span><br><span class="line"><span class="ruby"> - meta_data.json</span></span><br><span class="line"><span class="ruby"> - user_data (<span class="keyword">not</span> mandatory)</span></span><br><span class="line"><span class="ruby"> - content/</span></span><br><span class="line"><span class="ruby"> - <span class="number">0000</span> (referenced content files)</span></span><br><span class="line"><span class="ruby"> - <span class="number">0001</span></span></span><br><span class="line"><span class="ruby"> - ....</span></span><br></pre></td></tr></table></figure><h3 id="OpenStack"><a href="#OpenStack" class="headerlink" title="OpenStack"></a>OpenStack</h3><figure class="highlight dts"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#cloud-config</span></span><br><span class="line"><span class="symbol">datasource:</span></span><br><span class="line"><span class="symbol"> OpenStack:</span></span><br><span class="line"><span class="symbol"> metadata_urls:</span> [<span class="string">"http://169.254.169.254"</span>]</span><br><span class="line"><span class="symbol"> max_wait:</span> <span class="number">-1</span></span><br><span class="line"><span class="symbol"> timeout:</span> <span class="number">10</span></span><br><span class="line"><span class="symbol"> retries:</span> <span class="number">5</span></span><br></pre></td></tr></table></figure><p>metadata_urls: This list of urls will be searched for an OpenStack metadata service. The first entry that successfully returns a 200 response for <url>/openstack will be selected. (default: [‘<a href="http://169.254.169.254‘" target="_blank" rel="external">http://169.254.169.254‘</a>]).</url></p><p>max_wait: the maximum amount of clock time in seconds that should be spent searching metadata_urls. A value less than zero will result in only one request being made, to the first in the list. (default: -1)</p><p>timeout: the timeout value provided to urlopen for each individual http request. This is used both when selecting a metadata_url and when crawling the metadata service. (default: 10)</p><p>retries: The number of retries that should be done for an http request. This value is used only after metadata_url is selected. (default: 5)</p><h4 id="cloudinit-script"><a href="#cloudinit-script" class="headerlink" title="cloudinit script"></a>cloudinit script</h4><p>/var/lib/cloud/instance/</p><h3 id="下次启动不强制重新设置密码"><a href="#下次启动不强制重新设置密码" class="headerlink" title="下次启动不强制重新设置密码"></a>下次启动不强制重新设置密码</h3><p>这个功能默认是打开的,要关闭下次启动强制重新设置密码需要修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\plugins\common\setuserpassword.py:</p><figure class="highlight ruby"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">_set_password</span><span class="params">(<span class="keyword">self</span>, service, osutils, user_name, shared_data)</span></span><span class="symbol">:</span></span><br><span class="line"> <span class="keyword">if</span> service.can_update_password <span class="keyword">and</span> <span class="keyword">not</span> service.is_password_changed()<span class="symbol">:</span></span><br><span class="line"> LOG.info(<span class="string">'Updating password is not required.'</span>)</span><br><span class="line"> <span class="keyword">return</span> None</span><br><span class="line"></span><br><span class="line"> password, injected = <span class="keyword">self</span>._get_password(service, shared_data)</span><br><span class="line"> <span class="keyword">if</span> <span class="keyword">not</span> <span class="symbol">password:</span></span><br><span class="line"> LOG.debug(<span class="string">'Generating a random user password'</span>)</span><br><span class="line"> maximum_length = osutils.get_maximum_password_length()</span><br><span class="line"> password = osutils.generate_random_password(</span><br><span class="line"> maximum_length)</span><br><span class="line"></span><br><span class="line"> osutils.set_user_password(user_name, password)</span><br><span class="line"> <span class="comment"># self._change_logon_behaviour(user_name, password_injected=injected)</span></span><br><span class="line"> <span class="keyword">return</span> password</span><br></pre></td></tr></table></figure><h3 id="不传入admin-pass不使用随机密码"><a href="#不传入admin-pass不使用随机密码" class="headerlink" title="不传入admin_pass不使用随机密码"></a>不传入admin_pass不使用随机密码</h3><p>默认情况下,装了 Cloudbase-Init 在不传入admin_pass启动虚拟机,将会使用随机密码。要取消使用随机密码需要修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\plugins\common\setuserpassword.py:</p><figure class="highlight ruby"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">_set_password</span><span class="params">(<span class="keyword">self</span>, service, osutils, user_name, shared_data)</span></span><span class="symbol">:</span></span><br><span class="line"> <span class="keyword">if</span> service.can_update_password <span class="keyword">and</span> <span class="keyword">not</span> service.is_password_changed()<span class="symbol">:</span></span><br><span class="line"> LOG.info(<span class="string">'Updating password is not required.'</span>)</span><br><span class="line"> <span class="keyword">return</span> None</span><br><span class="line"></span><br><span class="line"> password, injected = <span class="keyword">self</span>._get_password(service, shared_data)</span><br><span class="line"> <span class="keyword">if</span> <span class="keyword">not</span> <span class="symbol">password:</span></span><br><span class="line"> <span class="keyword">return</span> None</span><br><span class="line"> <span class="comment"># LOG.debug('Generating a random user password')</span></span><br><span class="line"> <span class="comment"># maximum_length = osutils.get_maximum_password_length()</span></span><br><span class="line"> <span class="comment"># password = osutils.generate_random_password(</span></span><br><span class="line"> maximum_length)</span><br><span class="line"></span><br><span class="line"> osutils.set_user_password(user_name, password)</span><br><span class="line"> <span class="keyword">self</span>._change_logon_behaviour(user_name, password_injected=injected)</span><br><span class="line"> <span class="keyword">return</span> password</span><br></pre></td></tr></table></figure><h3 id="windows开机不自动重启"><a href="#windows开机不自动重启" class="headerlink" title="windows开机不自动重启"></a>windows开机不自动重启</h3><p>修改\PATH\TO\Cloudbase Solutions\Cloubase-Init\Python\Lib\site-packages\cloudbaseinit\init.py</p><figure class="highlight stata"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">def configure_host(self):</span><br><span class="line"> ......</span><br><span class="line"> ......</span><br><span class="line"> <span class="keyword">if</span> reboot_required and <span class="keyword">CONF</span>.allow_reboot:</span><br><span class="line"> try:</span><br><span class="line"> <span class="keyword">LOG</span>.info(<span class="string">"Rebooting"</span>)</span><br><span class="line"> # osutils.reboot()</span><br><span class="line"> except Exception <span class="keyword">as</span> <span class="keyword">ex</span>:</span><br><span class="line"> <span class="keyword">LOG</span>.<span class="keyword">error</span>('reboot failed with <span class="keyword">error</span> \'%s\'' % <span class="keyword">ex</span>)</span><br><span class="line"> <span class="keyword">else</span>:</span><br><span class="line"> <span class="keyword">LOG</span>.info(<span class="string">"Plugins execution done"</span>)</span><br><span class="line"> <span class="keyword">if</span> <span class="keyword">CONF</span>.stop_service_on_exit:</span><br><span class="line"> <span class="keyword">LOG</span>.info(<span class="string">"Stopping Cloudbase-Init service"</span>)</span><br><span class="line"> osutils.terminate()</span><br></pre></td></tr></table></figure><h3 id="sudo-命令执行的很慢,很久才出现密码输入"><a href="#sudo-命令执行的很慢,很久才出现密码输入" class="headerlink" title="sudo 命令执行的很慢,很久才出现密码输入"></a>sudo 命令执行的很慢,很久才出现密码输入</h3><p>解决方法很简单: (1)获取你的主机名:hostname (2)vi /etc/hosts 在里面加一个:127.0.0.1 主机名 问题解决啦!</p>]]></content>
<summary type="html">
<h2 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h2><p>User configurability Cloud-init ‘s behavior can be configured via user-data.</p>
<p>User-data can be given by the user at instance launch time.This is done via the –user-data or –user-data-file argument to ec2-run-instances for example.</p>
<h2 id="使用"><a href="#使用" class="headerlink" title="使用"></a>使用</h2><p>cloud init 使用的前提是镜像中已经安装了cloud-init 包,如果使用python代码(三个双引号)动态生成 user-data,需要注意的是行前一定不要留有空格,否则脚本不能执行!</p>
<h3 id="执行shell脚本"><a href="#执行shell脚本" class="headerlink" title="执行shell脚本"></a>执行shell脚本</h3><p>Begins with: #! or Content-Type: text/x-shellscript when using a MIME archive.</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">$</span><span class="bash"> cat myscript.sh</span></span><br><span class="line"></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/sh</span></span><br><span class="line">echo "Hello World. The time is now $(date -R)!" | tee /root/output.txt</span><br></pre></td></tr></table></figure>
</summary>
<category term="Openstack" scheme="http://pystack.org/categories/Openstack/"/>
<category term="cloud-init" scheme="http://pystack.org/tags/cloud-init/"/>
<category term="openstack" scheme="http://pystack.org/tags/openstack/"/>
<category term="cloudbase-init" scheme="http://pystack.org/tags/cloudbase-init/"/>
</entry>
</feed>