OpenStack cloud instances cannot get metadata


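I am actually using OpenStack (Stein) to build a private cloud for my company. I followed the tutorial on the official website and everything seems to work fine... except for getting metadata from the cloud instances.

Let me explain how my infrastructure is set up:

All of OpenStack is installed on a KVM host (2x Xeon 32 cores, 320Go RAM, 2To HDD, ...)

I set up the virtual machines as follows:

  • openstack-controller001 192.168.50.11
  • openstack-compute001 192.168.50.41
  • openstack-storage001 192.168.50.61 (for Cinder)
  • db001 192.168.50.81 (the database is not on the same server as the controller)
  • ldap001 192.168.50.251 (LDAP is not used yet, only the DNS and NTP servers)

When I launch a new Ubuntu or Debian instance created from a cloud image, I cannot connect to these VMs over SSH; my key pair is always rejected (error: Permission denied). After some investigation, I realized that the VMs were not uploading the SSH private key from the host. It seems the VMs are contacting the metadata server using the IP address of my virtual network's DHCP server rather than the metadata proxy server which, if I remember correctly, is the controller?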

[   15.840973] cloud-init[386]: 2019-05-20 05:53:58,124 - url_helper.py[WARNING]: Calling 'http://172.16.10.10/latest/meta-data/instance-id' failed [0/120s]: request error [HTTPConnectionPool(host='172.16.10.10', port=80): Max retries exceeded with url: /latest/meta-data/instance-id (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x7f098d1c0e10>: Failed to establish a new connection: [Errno 111] Connection refused',))]

172.16.10.10 is the DHCP server of my virtual network (172.16.0.0/16, DHCP range 172.16.10.10~172.16.20.254). I think something is wrong even though the configuration looks correct.

/etc/neutron/neutron.conf (openstack-controller001)

[DEFAULT]
# ...
nova_metadata_host = openstack-controller001
metadata_proxy_shared_secret = XXXXXXXXXXXXXXXXXX

/etc/nova/nova.conf (openstack-compute001)

[neutron]
# ...
service_metadata_proxy = true
metadata_proxy_shared_secret = XXXXXXXXXXXXXXXXXX
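
The warning quoted in the question can be read mechanically. The following is an added example, not part of the original post and not cloud-init code: it parses cloud-init url_helper warnings from a console log and reports which address was contacted and how the request failed. The second sample line and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

METADATA_IP = "169.254.169.254"  # link-local address pinged in the answer

# cloud-init url_helper warning, in the format shown in the question.
WARNING_RE = re.compile(
    r"url_helper\.py\[WARNING\]: Calling '(?P<url>[^']+)' failed "
    r"\[(?P<elapsed>\d+)/(?P<limit>\d+)s\]: (?P<reason>.*)$")
ERRNO_RE = re.compile(r"\[Errno (\d+)\] ([^',\]]+)")

# First line is the warning from the question; the second is constructed.
SAMPLE_LOG = [
    "[   15.840973] cloud-init[386]: 2019-05-20 05:53:58,124 - url_helper.py"
    "[WARNING]: Calling 'http://172.16.10.10/latest/meta-data/instance-id' "
    "failed [0/120s]: request error [HTTPConnectionPool(host='172.16.10.10', "
    "port=80): Max retries exceeded with url: /latest/meta-data/instance-id "
    "(Caused by NewConnectionError('<requests.packages.urllib3.connection."
    "HTTPConnection object at 0x7f098d1c0e10>: Failed to establish a new "
    "connection: [Errno 111] Connection refused',))]",
    "cloud-init[386]: url_helper.py[WARNING]: Calling "
    "'http://169.254.169.254/latest/meta-data/instance-id' failed "
    "[50/120s]: request error [Connection to 169.254.169.254 timed out.]",
]


def parse_warning(line):
    """Return details of one failed metadata request, or None."""
    m = WARNING_RE.search(line)
    if m is None:
        return None
    host = urlsplit(m.group("url")).hostname
    err = ERRNO_RE.search(m.group("reason"))
    if err:  # e.g. errno 111: the connection was actively refused
        failure = err.group(2).strip()
    elif "timed out" in m.group("reason").lower():
        failure = "timed out"  # no answer at all from the address
    else:
        failure = "other"
    return {"host": host, "failure": failure,
            "elapsed": int(m.group("elapsed")), "limit": int(m.group("limit")),
            "is_metadata_ip": host == METADATA_IP}


def summarize(lines):
    """Count failures per (host, failure kind) across a console log."""
    hits = filter(None, map(parse_warning, lines))
    return Counter((h["host"], h["failure"]) for h in hits)
```

For the line from the question, the result shows a request to 172.16.10.10 rather than 169.254.169.254, refused at the TCP level instead of timing out.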

Answer 1

Thank you for your reply.

The metadata server is running on openstack-controller001:

[admin@openstack-controller001 ~]$ systemctl status neutron-metadata-agent
● neutron-metadata-agent.service - OpenStack Neutron Metadata Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-metadata-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 月 2019-05-20 14:45:59 JST; 23h ago
 Main PID: 15329 (/usr/bin/python)
   CGroup: /system.slice/neutron-metadata-agent.service
           ├─15329 /usr/bin/python2 /usr/bin/neutron-metadata-agent --config-...
           ├─15357 /usr/bin/python2 /usr/bin/neutron-metadata-agent --config-...
           └─15358 /usr/bin/python2 /usr/bin/neutron-metadata-agent --config-...

 5月 20 14:45:59 openstack-controller001.adoc.local systemd[1]: Stopped Open...
 5月 20 14:45:59 openstack-controller001.adoc.local systemd[1]: Started Open...
Hint: Some lines were ellipsized, use -l to show in full.

I don't know whether my VMs can reach the 169.254.169.254 server, but it is reachable from the network namespace:

[admin@openstack-controller001 ~]$ openstack network list
+--------------------------------------+---------------+--------------------------------------+
| ID                                   | Name          | Subnets                              |
+--------------------------------------+---------------+--------------------------------------+
| 838b6191-33d6-4683-958e-cee434518743 | provider      | d524b6e6-24ad-4a28-9482-b03f4bf22690 |
| c6ed4cfe-43b4-42b7-8fb5-f205a962f9f7 | adoc-net-main | 053681d8-4d5c-4ef4-8be7-f2276d43b26c |
+--------------------------------------+---------------+--------------------------------------+
[admin@openstack-controller001 ~]$ ip netns
qdhcp-838b6191-33d6-4683-958e-cee434518743 (id: 0)
qrouter-3a164855-6c8f-447c-8b0f-49e86d823488 (id: 2)
qdhcp-c6ed4cfe-43b4-42b7-8fb5-f205a962f9f7 (id: 1)

[root@openstack-controller001 admin]# ip netns exec qdhcp-c6ed4cfe-43b4-42b7-8fb5-f205a962f9f7 ping 169.254.169.254
PING 169.254.169.254 (169.254.169.254) 56(84) bytes of data.
64 bytes from 169.254.169.254: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 169.254.169.254: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 169.254.169.254: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 169.254.169.254: icmp_seq=4 ttl=64 time=0.048 ms
64 bytes from 169.254.169.254: icmp_seq=5 ttl=64 time=0.033 ms

Is it normal for the VM to look for the local metadata server at the DHCP server?
