内射老阿姨1区2区3区4区_久久精品人人做人人爽电影蜜月_久久国产精品亚洲77777_99精品又大又爽又粗少妇毛片

openstackrocky版詳細搭建

實驗環(huán)境

洪山ssl適用于網(wǎng)站、小程序/APP、API接口等需要進行數(shù)據(jù)傳輸應用場景,ssl證書未來市場廣闊!成為創(chuàng)新互聯(lián)公司的ssl證書銷售渠道,可以享受市場價格4-6折優(yōu)惠!如果有意向歡迎電話聯(lián)系或者加微信:18980820575(備注:SSL證書合作)期待與您的合作!

系統(tǒng):CentOS-7-x86_64-DVD-1804

實驗環(huán)境:vmware

hostname ip 功能

node1.heleicool.cn 172.16.175.11 管理節(jié)點

node2.heleicool.cn 172.16.175.12 計算節(jié)點

環(huán)境設置

安裝必要軟件:

yum install -y vim net-tools wget telnet

分別配置/etc/hosts文件:

172.16.175.11 node1.heleicool.cn
172.16.175.12 node2.heleicool.cn

分別配置/etc/resolv.conf文件:

nameserver 8.8.8.8

關(guān)閉防火墻:

systemctl disable firewalld?

systemctl stop firewalld?

關(guān)閉selinux:(應該可以省略)

setenforce 0

vim /etc/selinux/config

SELINUX=disabled

安裝openstack包

安裝對應版本的epel庫:

yum install centos-release-openstack-rocky -y

安裝openstack客戶端:

yum install python-openstackclient -y

RHEL和CentOS 默認啟用SELinux。安裝 openstack-selinux軟件包以自動管理OpenStack服務的安全策略:

yum install openstack-selinux -y

數(shù)據(jù)庫安裝

安裝包:

yum install mariadb mariadb-server python2-PyMySQL -y

創(chuàng)建和編輯配置文件/etc/my.cnf.d/openstack.cnf:

[mysqld]

bind-address = 172.16.175.11

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

啟動數(shù)據(jù)庫:

systemctl enable mariadb.service

systemctl start mariadb.service

通過運行mysql_secure_installation 腳本來保護數(shù)據(jù)庫服務。特別是,為數(shù)據(jù)庫root帳戶選擇合適的密碼 :

mysql_secure_installation

NOTE:?RUNNING?ALL?PARTS?OF?THIS?SCRIPT?IS?RECOMMENDED?FOR?ALL?MariaDB
??????SERVERS?IN?PRODUCTION?USE!??PLEASE?READ?EACH?STEP?CAREFULLY!

In?order?to?log?into?MariaDB?to?secure?it,?we'll?need?the?current
password?for?the?root?user.??If?you've?just?installed?MariaDB,?and
you?haven't?set?the?root?password?yet,?the?password?will?be?blank,
so?you?should?just?press?enter?here.

Enter?current?password?for?root?(enter?for?none):
OK,?successfully?used?password,?moving?on...

Setting?the?root?password?ensures?that?nobody?can?log?into?the?MariaDB
root?user?without?the?proper?authorisation.

Set?root?password??[Y/n]?y??#?是否設置root密碼
New?password:	#?輸入兩次root密碼
Re-enter?new?password:
Password?updated?successfully!
Reloading?privilege?tables..
?...?Success!


By?default,?a?MariaDB?installation?has?an?anonymous?user,?allowing?anyone
to?log?into?MariaDB?without?having?to?have?a?user?account?created?for
them.??This?is?intended?only?for?testing,?and?to?make?the?installation
go?a?bit?smoother.??You?should?remove?them?before?moving?into?a
production?environment.

Remove?anonymous?users??[Y/n]?y??#?是否刪除匿名用戶
?...?Success!

Normally,?root?should?only?be?allowed?to?connect?from?'localhost'.??This
ensures?that?someone?cannot?guess?at?the?root?password?from?the?network.

Disallow?root?login?remotely??[Y/n]?y?#?是否禁止root遠程登陸
?...?Success!

By?default,?MariaDB?comes?with?a?database?named?'test'?that?anyone?can
access.??This?is?also?intended?only?for?testing,?and?should?be?removed
before?moving?into?a?production?environment.

Remove?test?database?and?access?to?it??[Y/n]?y?#?是否刪除test庫

▽
?-?Dropping?test?database...

▽
?...?Success!
?-?Removing?privileges?on?test?database...
?...?Success!

Reloading?the?privilege?tables?will?ensure?that?all?changes?made?so?far
will?take?effect?immediately.

Reload?privilege?tables?now??[Y/n]?y??#?加載權(quán)限表
?...?Success!

Cleaning?up...

All?done!??If?you've?completed?all?of?the?above?steps,?your?MariaDB
installation?should?now?be?secure.

Thanks?for?using?MariaDB!

安裝消息隊列

安裝rabbitmq

yum install rabbitmq-server -y

啟動rabbitmy

systemctl enable rabbitmq-server.service

systemctl start rabbitmq-server.service

添加openstack用戶

# 我 添加的用戶名為openstack,密碼也是。

rabbitmqctl add_user openstack openstack

對openstack用戶進行讀寫授權(quán):

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

###安裝Memcached

安裝Memacached

yum install memcached python-memcached -y

編輯/etc/sysconfig/memcached,修改配置

OPTIONS="-l 127.0.0.1,::1,172.16.175.11"

啟動memcached

systemctl enable memcached.service

systemctl start memcached.service

目前為止端口信息如下

#?rabbitmq?端口
tcp????????0??????0?0.0.0.0:25672???????????0.0.0.0:*???????????????LISTEN??????1690/beam
#?mariadb-server?端口
tcp????????0??????0?172.16.175.11:3306??????0.0.0.0:*???????????????LISTEN??????1506/mysqld
#?memcached?端口
tcp????????0??????0?172.16.175.11:11211?????0.0.0.0:*???????????????LISTEN??????2236/memcached
tcp????????0??????0?127.0.0.1:11211?????????0.0.0.0:*???????????????LISTEN??????2236/memcached
tcp????????0??????0?0.0.0.0:4369????????????0.0.0.0:*???????????????LISTEN??????1/systemd
tcp????????0??????0?0.0.0.0:22??????????????0.0.0.0:*???????????????LISTEN??????766/sshd
tcp????????0??????0?127.0.0.1:25????????????0.0.0.0:*???????????????LISTEN??????1050/master
tcp6???????0??????0?:::5672?????????????????:::*????????????????????LISTEN??????1690/beam
tcp6???????0??????0?::1:11211???????????????:::*????????????????????LISTEN??????2236/memcached
tcp6???????0??????0?:::22???????????????????:::*????????????????????LISTEN??????766/sshd
tcp6???????0??????0?::1:25??????????????????:::*????????????????????LISTEN??????1050/master

開始安裝openstack服務

keystone服務安裝

配置keystone數(shù)據(jù)庫:

使用數(shù)據(jù)庫訪問客戶端以root用戶身份連接到數(shù)據(jù)庫服務器

mysql -u root -p

創(chuàng)建keystone數(shù)據(jù)庫,授予對keystone數(shù)據(jù)庫的適當訪問權(quán)限:

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

安裝配置keystone

運行以下命令以安裝軟件包:

yum install openstack-keystone httpd mod_wsgi -y

編輯/etc/keystone/keystone.conf文件并完成以下操作:

[database]

connection = mysql+pymysql://keystone:keystone@172.16.175.11/keystone

[token]

provider = fernet

填充Identity服務數(shù)據(jù)庫:

su -s /bin/sh -c "keystone-manage db_sync" keystone

# 驗證數(shù)據(jù)庫表

mysql -ukeystone -pkeystone -e "use keystone; show tables;"

初始化Fernet密鑰存儲庫:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引導身份服務:

# ADMIN_PASS為管理用戶的密碼,這里是設置密碼。

keystone-manage bootstrap --bootstrap-password admin \

? --bootstrap-admin-url http://172.16.175.11:5000/v3/ \

? --bootstrap-internal-url http://172.16.175.11:5000/v3/ \

? --bootstrap-public-url http://172.16.175.11:5000/v3/ \

? --bootstrap-region-id RegionOne

配置Apache HTTP服務

編輯/etc/httpd/conf/httpd.conf

ServerName 172.16.175.11

創(chuàng)建/usr/share/keystone/wsgi-keystone.conf文件的鏈接:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

啟動服務

啟動Apache HTTP服務并將其配置為在系統(tǒng)引導時啟動:

systemctl enable httpd.service

systemctl start httpd.service

配置管理帳戶

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://172.16.175.11:5000/v3

export OS_IDENTITY_API_VERSION=3

創(chuàng)建domain,projects,users and roles

雖然本指南中的keystone-manage bootstrap步驟中已存在“默認”域,但創(chuàng)建新域的正式方法是:

# openstack domain create --description "An Example Domain" example

使用默認的domain,創(chuàng)建service project:用做服務。

openstack project create --domain default \

? --description "Service Project" service

創(chuàng)建myproject項目:用做常規(guī)(非管理員)任務應使用非特權(quán)項目和用戶。

openstack project create --domain default \

? --description "Demo Project" myproject

創(chuàng)建myuser用戶:

# 創(chuàng)建用戶需要輸入密碼

openstack user create --domain default \

? --password-prompt myuser

創(chuàng)建myrole角色:

openstack role create myrole

將myuser添加到myproject項目中并賦予myrole的角色:

openstack role add --project myproject --user myuser myrole

驗證用戶

取消設置臨時 變量OS_AUTH_URL和OS_PASSWORD環(huán)境變量:

unset OS_AUTH_URL OS_PASSWORD

作為admin用戶,請求身份驗證令牌:

# 執(zhí)行后需要輸入admin密碼

openstack --os-auth-url http://172.16.175.11:5000/v3 \

? --os-project-domain-name Default --os-user-domain-name Default \

? --os-project-name admin --os-username admin token issue

作為myuser用戶,請求身份驗證令牌:

# 執(zhí)行后需要輸入admin密碼

openstack --os-auth-url http://172.16.175.11:5000/v3 \

? --os-project-domain-name Default --os-user-domain-name Default \

? --os-project-name myproject --os-username myuser token issue

創(chuàng)建openstack 客戶端環(huán)境腳本

openstack客戶端通過添加參數(shù)或使用環(huán)境變量的方式來與Identity服務進行交互,為了提高效率,創(chuàng)建環(huán)境腳本:

創(chuàng)建admin用戶環(huán)境腳本:admin-openstack.sh

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://172.16.175.11:5000/v3

export OS_IDENTITY_API_VERSION=3

創(chuàng)建myuser用戶環(huán)境腳本:demo-openstack.sh

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=myproject

export OS_USERNAME=myuser

export OS_PASSWORD=myuser

export OS_AUTH_URL=http://172.16.175.11:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

使用腳本

source admin-openstack.sh

openstack token issue

glance服務安裝

配置glance數(shù)據(jù)庫:

root用戶登陸數(shù)據(jù)庫:

mysql -u root -p

創(chuàng)建glance數(shù)據(jù)庫和用戶授權(quán):

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

創(chuàng)建glance服務憑證,使用admin用戶:

source admin-openstack.sh

創(chuàng)建glance用戶:

# 需要輸入glance用戶密碼,我的是 glance

openstack user create --domain default --password-prompt glance

將glance用戶添加到service項目中,并賦予admin角色:

openstack role add --project service --user glance admin

創(chuàng)建glance服務實體:

openstack service create --name glance \

? --description "OpenStack Image" image

創(chuàng)建Image服務API端點:

openstack endpoint create --region RegionOne image public http://172.16.175.11:9292

openstack endpoint create --region RegionOne image internal http://172.16.175.11:9292

openstack endpoint create --region RegionOne image admin http://172.16.175.11:9292

安裝和配置glance

安裝包:

yum install openstack-glance -y?

編輯/etc/glance/glance-api.conf文件并完成以下操作:

# 配置數(shù)據(jù)庫訪問:

[database]

connection = mysql+pymysql://glance:glance@172.16.175.11/glance

# 配置身份服務訪問:

[keystone_authtoken]

www_authenticate_uri? = http://172.16.175.11:5000

auth_url = http://172.16.175.11:5000

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = glance

[paste_deploy]

flavor = keystone

# 配置本地文件系統(tǒng)存儲和映像文件的位置:

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

編輯/etc/glance/glance-registry.conf文件并完成以下操作:

# 配置數(shù)據(jù)庫訪問:

[database]

connection = mysql+pymysql://glance:glance@172.16.175.11/glance

# 配置身份服務訪問:

[keystone_authtoken]

www_authenticate_uri = http://172.16.175.11:5000

auth_url = http://172.16.175.11:5000

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = glance

[paste_deploy]

flavor = keystone

填充Image服務數(shù)據(jù)庫,并驗證:

su -s /bin/sh -c "glance-manage db_sync" glance

mysql -uglance -pglance -e "use glance; show tables;"

啟動服務:

systemctl enable openstack-glance-api.service \

? openstack-glance-registry.service

systemctl start openstack-glance-api.service \

? openstack-glance-registry.service


驗證服務

來源admin憑據(jù)來訪問僅管理員CLI命令:

source admin-openstack.sh

下載源圖像:

wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

使用QCOW2磁盤格式,bare容器格式和公共可見性將圖像上載到Image服務 ,以便所有項目都可以訪問它:

# 確保cirros-0.4.0-x86_64-disk.img 文件在當前目錄下

openstack image create "cirros" \

? --file cirros-0.4.0-x86_64-disk.img \

? --disk-format qcow2 --container-format bare \

? --public

確認上傳圖像并驗證屬性:

openstack image list

nova服務安裝

Nova控制節(jié)點安裝

建立nova數(shù)據(jù)庫信息:

mysql -u root -p

創(chuàng)建nova_api,nova,nova_cell0,和placement數(shù)據(jù)庫:

CREATE DATABASE nova_api;

CREATE DATABASE nova;

CREATE DATABASE nova_cell0;

CREATE DATABASE placement;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';

使用admin權(quán)限訪問:

source admin-openstack.sh

創(chuàng)建nova用戶:

openstack user create --domain default --password-prompt nova

將admin角色添加到nova用戶:

openstack role add --project service --user nova admin

創(chuàng)建nova服務實體:

openstack service create --name nova --description "OpenStack Compute" compute

創(chuàng)建Compute API服務端點:

openstack endpoint create --region RegionOne compute public http://172.16.175.11:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://172.16.175.11:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://172.16.175.11:8774/v2.1

創(chuàng)建placement用戶:

# 需要設置用戶名的密碼,我的密碼是 placement

openstack user create --domain default --password-prompt placement

使用admin角色將Placement用戶添加到服務項目:

openstack role add --project service --user placement admin

創(chuàng)建placement服務實體:

openstack service create --name placement --description "Placement API" placement

創(chuàng)建Placement API服務端點:

openstack endpoint create --region RegionOne placement public http://172.16.175.11:8778

openstack endpoint create --region RegionOne placement internal http://172.16.175.11:8778

openstack endpoint create --region RegionOne placement admin http://172.16.175.11:8778

#####安裝nova

yum install openstack-nova-api openstack-nova-conductor \

? openstack-nova-console openstack-nova-novncproxy \

? openstack-nova-scheduler openstack-nova-placement-api -y

編輯/etc/nova/nova.conf文件并完成以下操作:

# 僅啟用計算和元數(shù)據(jù)API

[DEFAULT]

enabled_apis = osapi_compute,metadata

# 配置數(shù)據(jù)庫訪問

[api_database]

connection = mysql+pymysql://nova:nova@172.16.175.11/nova_api

[database]

connection = mysql+pymysql://nova:nova@172.16.175.11/nova

[placement_database]

connection = mysql+pymysql://placement:placement@172.16.175.11/placement

# 配置RabbitMQ消息隊列訪問

[DEFAULT]

transport_url = rabbit://openstack:openstack@172.16.175.11

# 配置身份服務訪問

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://172.16.175.11:5000/v3

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

# 啟用對網(wǎng)絡服務的支持

[DEFAULT]

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

# 配置VNC代理以使用控制器節(jié)點的管理接口IP地址

[vnc]

enabled = true

server_listen = 0.0.0.0

server_proxyclient_address = 172.16.175.11

# 配置Image服務API的位置

[glance]

api_servers = http://172.16.175.11:9292

# 配置鎖定路徑

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

# 配置Placement API

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://172.16.175.11:5000/v3

username = placement

password = placement

配置添加到以下內(nèi)容來啟用對Placement API的訪問 /etc/httpd/conf.d/00-nova-placement-api.conf:

添加到配置文件最后

<Directory /usr/bin>

? ?<IfVersion >= 2.4>

? ? ? Require all granted

? ?</IfVersion>

? ?<IfVersion < 2.4>

? ? ? Order allow,deny

? ? ? Allow from all

? ?</IfVersion>

</Directory>

重啟httpd服務

systemctl restart httpd

填充nova-api和placement數(shù)據(jù)庫:

su -s /bin/sh -c "nova-manage api_db sync" nova

注冊cell0數(shù)據(jù)庫:

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

創(chuàng)建cell1單元格:

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

填充nova數(shù)據(jù)庫:

su -s /bin/sh -c "nova-manage db sync" nova

驗證nova cell0和cell1是否正確注冊:

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

驗證數(shù)據(jù)庫:

mysql -unova -pnova -e "use nova ; show tables;"

mysql -unova -pnova -e "use nova_api ; show tables;"

mysql -unova -pnova -e "use nova_cell0 ; show tables;"

mysql -uplacement -pplacement -e "use placement ; show tables;"

啟動nova 控制節(jié)點服務

systemctl enable openstack-nova-api.service \

? openstack-nova-scheduler.service openstack-nova-conductor.service \

? openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \

? openstack-nova-scheduler.service openstack-nova-conductor.service \

? openstack-nova-novncproxy.service

Nova計算節(jié)點安裝

安裝包

yum install openstack-nova-compute -y

編輯/etc/nova/nova.conf文件并完成以下操作:

# 拉取控制節(jié)點配置進行修改。刪除以下配置即可,這些是數(shù)據(jù)庫訪問的配置。

[api_database]

connection = mysql+pymysql://nova:nova@172.16.175.11/nova_api

[database]

connection = mysql+pymysql://nova:nova@172.16.175.11/nova

[placement_database]

connection = mysql+pymysql://placement:placement@172.16.175.11/placement

# 添加內(nèi)容如下:

[vnc]

# 修改為計算節(jié)點的IP

server_proxyclient_address = 172.16.175.12

novncproxy_base_url = http://172.16.175.11:6080/vnc_auto.html

確定您的計算節(jié)點是否支持虛擬機的硬件加速:

egrep -c '(vmx|svm)' /proc/cpuinfo

如果此命令返回值大于1,則計算節(jié)點支持硬件加速,通常不需要其他配置。

如果此命令返回值zero,則您的計算節(jié)點不支持硬件加速,您必須配置libvirt為使用QEMU而不是KVM。

編輯文件中的[libvirt]部分,/etc/nova/nova.conf如下所示:

[libvirt]

# ...

virt_type = kvm

# 我這里的返回值雖然大于1,但是配置為kvm導致虛擬機不能啟動,修改為qemu正常,求大神赤腳。

啟動nova計算節(jié)點服務

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

將計算節(jié)點添加到單元數(shù)據(jù)庫(在管理節(jié)點執(zhí)行)

source admin-openstack.sh

# 確認數(shù)據(jù)庫中有主機

openstack compute service list --service nova-compute

# 發(fā)現(xiàn)計算主機

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

添加新計算節(jié)點時,必須在控制器節(jié)點上運行以注冊這些新計算節(jié)點。或者,您可以在以下位置設置適當?shù)拈g隔 :/etc/nova/nova.conf

[scheduler]

discover_hosts_in_cells_interval = 300

驗證操作

source admin-openstack.sh

# 列出服務組件以驗證每個進程的成功啟動和注冊:state為up 狀態(tài)

openstack compute service list

# 列出Identity服務中的API端點以驗證與Identity服務的連接

openstack catalog list

# 列出Image服務中的圖像以驗證與Image服務的連接:

openstack image list

# 檢查單元格和放置API是否成功運行:

nova-status upgrade check

這里說明一下,在openstack compute service list命令進行查看時官方文檔比你多啟動一個服務器,你啟動它就行了。

這個服務是控制臺遠程連接認證服務器,不安裝不能進行vnc遠程登錄。

systemctl enable openstack-nova-consoleauth

systemctl start openstack-nova-consoleauth


neutron 服務安裝

neutron控制節(jié)點安裝

為neutron服務創(chuàng)建數(shù)據(jù)庫相關(guān):

mysql -uroot -p

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

創(chuàng)建neutron管理用戶

openstack user create --domain default --password-prompt neutron

將neutron用戶添加到 neutron 服務中,并賦予admin的角色

openstack role add --project service --user neutron admin

創(chuàng)建neutron服務實體:

openstack service create --name neutron --description "OpenStack Networking" network

創(chuàng)建網(wǎng)絡服務API端點:

openstack endpoint create --region RegionOne network public http://172.16.175.11:9696

openstack endpoint create --region RegionOne network internal http://172.16.175.11:9696

openstack endpoint create --region RegionOne network admin http://172.16.175.11:9696

配置網(wǎng)絡選項

您可以使用選項1(Procider)、2(Self-service)表示的兩種體系結(jié)構(gòu)之一來部署網(wǎng)絡服務。

選項1部署了最簡單的架構(gòu),該架構(gòu)僅支持將實例附加到提供商(外部)網(wǎng)絡。沒有自助(私有)網(wǎng)絡,路由器或浮動IP地址。只有該admin特權(quán)用戶或其他特權(quán)用戶才能管理提供商網(wǎng)絡。

Procider Network

安裝插件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

配置服務器組件

編輯/etc/neutron/neutron.conf文件并完成以下操作

[DEFAULT]

# 啟用模塊化第2層(ML2)插件并禁用其他插件

core_plugin = ml2

service_plugins =

# 通知Compute網(wǎng)絡拓撲更改

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

# 配置RabbitMQ 消息隊列訪問

transport_url = rabbit://openstack:openstack@172.16.175.11

auth_strategy = keystone

[database]

# 配置數(shù)據(jù)庫訪問

connection = mysql+pymysql://neutron:neutron@172.16.175.11/neutron

[keystone_authtoken]

# 配置身份服務訪問

www_authenticate_uri = http://172.16.175.11:5000

auth_url = http://172.16.175.11:5000

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

# 配置網(wǎng)絡以通知Compute網(wǎng)絡拓撲更改

[nova]

auth_url = http://172.16.175.11:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova

# 配置鎖定路徑

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

配置模塊化第2層(ML2)插件

ML2插件使用Linux橋接機制為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)。

編輯/etc/neutron/plugins/ml2/ml2_conf.ini文件并完成以下操作:

[ml2]

# 啟用平面和VLAN網(wǎng)絡

type_drivers = flat,vlan

# 禁用自助服務網(wǎng)絡

tenant_network_types =

# 啟用Linux橋接機制

mechanism_drivers = linuxbridge

# 啟用端口安全性擴展驅(qū)動程序

extension_drivers = port_security

[ml2_type_flat]

# 將提供商虛擬網(wǎng)絡配置為扁平網(wǎng)絡

flat_networks = provider

[securitygroup]

# 啟用ipset以提高安全組規(guī)則的效率

enable_ipset = true

配置linux網(wǎng)橋代理

Linux網(wǎng)橋代理為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)并處理安全組。

編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:

[linux_bridge]

# 提供者虛擬網(wǎng)絡映射到提供者物理網(wǎng)絡接口,這里的eth-0為映射的網(wǎng)卡

physical_interface_mappings = provider:eth-0

[vxlan]

# 禁用VXLAN覆蓋網(wǎng)絡

enable_vxlan = false

[securitygroup]

# 啟用安全組并配置Linux橋接iptables防火墻驅(qū)動程序:

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

驗證以下所有sysctl值設置為1:確保您的Linux操作系統(tǒng)內(nèi)核支持網(wǎng)橋過濾器:

modprobe br_netfilter

ls /proc/sys/net/bridge

在/etc/sysctl.conf中添加:

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

執(zhí)行生效

sysctl -p

配置DHCP代理

DHCP代理為虛擬網(wǎng)絡提供DHCP服務。

編輯/etc/neutron/dhcp_agent.ini文件并完成以下操作:

[DEFAULT]

# 配置Linux橋接接口驅(qū)動程序,DNSmasq DHCP驅(qū)動程序,并啟用隔離的元數(shù)據(jù),以便提供商網(wǎng)絡上的實例可以通過網(wǎng)絡訪問元數(shù)據(jù):

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

Self-service networks

安裝組件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

配置服務組件

編輯/etc/neutron/neutron.conf文件并完成以下操作:

[DEFAULT]

# 啟用模塊化第2層(ML2)插件,路由器服務和重疊的IP地址

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

# 配置RabbitMQ 消息隊列訪問

transport_url = rabbit://openstack:openstack@172.16.175.11

auth_strategy = keystone

# 通知Compute網(wǎng)絡拓撲更改

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[database]

# 配置數(shù)據(jù)庫訪問

connection = mysql+pymysql://neutron:neutron@172.16.175.11/neutron

[keystone_authtoken]

# 配置身份服務訪問

www_authenticate_uri = http://172.16.175.11:5000

auth_url = http://172.16.175.11:5000

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

# 配置網(wǎng)絡以通知Compute網(wǎng)絡拓撲更改

[nova]

auth_url = http://172.16.175.11:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova

# 配置鎖定路徑

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

配置模塊化第2層(ML2)插件

ML2插件使用Linux橋接機制為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)。

編輯/etc/neutron/plugins/ml2/ml2_conf.ini文件并完成以下操作:

[ml2]

# 啟用flat,VLAN和VXLAN網(wǎng)絡

type_drivers = flat,vlan,vxlan

# 啟用VXLAN自助服務網(wǎng)絡

tenant_network_types = vxlan

# 啟用Linux橋和第2層填充機制

mechanism_drivers = linuxbridge,l2population

# 啟用端口安全性擴展驅(qū)動程序

extension_drivers = port_security

[ml2_type_flat]

# 將提供商虛擬網(wǎng)絡配置為扁平網(wǎng)絡

flat_networks = provider

[ml2_type_vxlan]

# 自助服務網(wǎng)絡配置VXLAN網(wǎng)絡標識符范圍

vni_ranges = 1:1000

[securitygroup]

# 啟用ipset以提高安全組規(guī)則的效率

enable_ipset = true

配置Linux橋代理

Linux網(wǎng)橋代理為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)并處理安全組。

編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:

[linux_bridge]

# 提供者虛擬網(wǎng)絡映射到提供者物理網(wǎng)絡接口,這里的eth0為映射的網(wǎng)卡

physical_interface_mappings = provider:eth0

[vxlan]

# 啟用VXLAN重疊網(wǎng)絡,配置處理覆蓋網(wǎng)絡的物理網(wǎng)絡接口的IP地址,并啟用第2層填充

enable_vxlan = true

local_ip = 172.16.175.11

l2_population = true

[securitygroup]

# 啟用安全組并配置Linux橋接iptables防火墻驅(qū)動程序:

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

通過驗證以下所有sysctl值設置為1:確保您的Linux操作系統(tǒng)內(nèi)核支持網(wǎng)橋過濾器:

modprobe br_netfilter

ls /proc/sys/net/bridge

在/etc/sysctl.conf中添加:

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

執(zhí)行生效

sysctl -p

配置第三層代理

第3層(L3)代理為自助虛擬網(wǎng)絡提供路由和NAT服務。

編輯/etc/neutron/l3_agent.ini文件并完成以下操作:

[DEFAULT]

# 配置Linux橋接接口驅(qū)動程序和外部網(wǎng)橋

interface_driver = linuxbridge

配置DHCP代理

DHCP代理為虛擬網(wǎng)絡提供DHCP服務。

編輯/etc/neutron/dhcp_agent.ini文件并完成以下操作:

[DEFAULT]

# 配置Linux橋接接口驅(qū)動程序,Dnsmasq DHCP驅(qū)動程序,并啟用隔離的元數(shù)據(jù),以便提供商網(wǎng)絡上的實例可以通過網(wǎng)絡訪問元數(shù)據(jù)

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

配置metadata 客戶端

metadata數(shù)據(jù)為虛擬機提供配置信息。

編輯/etc/neutron/metadata_agent.ini文件并完成以下操作

[DEFAULT]

# 配置metadata主機和共享密鑰

nova_metadata_host = controller

metadata_proxy_shared_secret = heleicool

# heleicool 為neutron和nova之間通信的密碼

配置計算服務(nova計算服務)使用網(wǎng)絡服務

編輯/etc/nova/nova.conf文件并執(zhí)行以下操作

[neutron]

# 配置訪問參數(shù),啟用metadata代理并配置密碼:

url = http://172.16.175.11:9696

auth_url = http://172.16.175.11:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

service_metadata_proxy = true

metadata_proxy_shared_secret = heleicool

安裝完成

網(wǎng)絡服務初始化腳本需要一個/etc/neutron/plugin.ini指向ML2插件配置文件的符號鏈接/etc/neutron/plugins/ml2/ml2_conf.ini。如果此符號鏈接不存在,請使用以下命令創(chuàng)建它

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

填充數(shù)據(jù)庫,這里需要用到neutron.conf和ml2_conf.ini

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

? --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

重啟nova 計算服務,因為修改了它的配置文件。

systemctl restart openstack-nova-api.service

啟動網(wǎng)絡服務并將其配置為在系統(tǒng)引導時啟動

systemctl enable neutron-server.service \

? neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

? neutron-metadata-agent.service

systemctl start neutron-server.service \

? neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

? neutron-metadata-agent.service


neutron 計算節(jié)點安裝

安裝組件

yum install openstack-neutron-linuxbridge ebtables ipset -y

配置公共組件

Networking公共組件配置包括身份驗證機制,消息隊列和插件。

編輯/etc/neutron/neutron.conf文件并完成以下操作:

注釋掉任何connection選項,因為計算節(jié)點不直接訪問數(shù)據(jù)庫

[DEFAULT]

# 配置RabbitMQ 消息隊列訪問

transport_url = rabbit://openstack:openstack@172.16.175.11

# 配置身份服務訪問

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://172.16.175.11:5000

auth_url = http://172.16.175.11:5000

memcached_servers = 172.16.175.11:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

[oslo_concurrency]

# 配置鎖定路徑

lock_path = /var/lib/neutron/tmp

配置網(wǎng)絡選項

選擇為控制器節(jié)點選擇的相同網(wǎng)絡選項,以配置特定于其的服務

Procider Network

配置網(wǎng)橋代理

Linux網(wǎng)橋代理為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)并處理安全組。

編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:

[linux_bridge]

# 將提供者虛擬網(wǎng)絡映射到提供者物理網(wǎng)絡接口

physical_interface_mappings = provider:eth0

[vxlan]

# 禁用VXLAN覆蓋網(wǎng)絡

enable_vxlan = false

[securitygroup]

# 啟用安全組并配置Linux橋接iptables防火墻驅(qū)動程序

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

通過驗證以下所有sysctl值設置為1:確保您的Linux操作系統(tǒng)內(nèi)核支持網(wǎng)橋過濾器:

modprobe br_netfilter

ls /proc/sys/net/bridge

在/etc/sysctl.conf中添加:

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

執(zhí)行生效

sysctl -p

Self-service networks

配置網(wǎng)橋代理

Linux網(wǎng)橋代理為實例構(gòu)建第2層(橋接和交換)虛擬網(wǎng)絡基礎(chǔ)架構(gòu)并處理安全組。

編輯/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:

[linux_bridge]

# 將提供者虛擬網(wǎng)絡映射到提供者物理網(wǎng)絡接口

physical_interface_mappings = provider:eth0

[vxlan]

# 啟用VXLAN重疊網(wǎng)絡,配置處理覆蓋網(wǎng)絡的物理網(wǎng)絡接口的IP地址,并啟用第2層填充

enable_vxlan = true

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = true

[securitygroup]

# 啟用安全組并配置Linux橋接iptables防火墻驅(qū)動程序

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

通過驗證以下所有sysctl值設置為1:確保您的Linux操作系統(tǒng)內(nèi)核支持網(wǎng)橋過濾器:

modprobe br_netfilter

ls /proc/sys/net/bridge

在/etc/sysctl.conf中添加:

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

執(zhí)行生效

sysctl -p

配置計算(nova計算服務)服務使用網(wǎng)絡服務

編輯/etc/nova/nova.conf文件并完成以下操作

[neutron]

# ...

url = http://172.16.175.11:9696

auth_url = http://172.16.175.11:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

完成安裝

重啟Compute服務

systemctl restart openstack-nova-compute.service

啟動Linux網(wǎng)橋代理并將其配置為在系統(tǒng)引導時啟動

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

驗證操作

Provider networks

列出驗證成功連接neutron的代理

openstack network agent list

Self-service networks

列出驗證成功連接neutron的代理

# Metadata agent/Linux brideg agent/L3 agent/DHCP agent四個代理程序

openstack network agent list

啟動實例

以上服務都沒有問題后就可以進行創(chuàng)建啟動虛擬機。

創(chuàng)建虛擬網(wǎng)絡

首先需要創(chuàng)建一個虛擬網(wǎng)絡,根據(jù)配置Neutron時選擇的網(wǎng)絡選項進行虛擬網(wǎng)絡的配置。

Provider networks

創(chuàng)建網(wǎng)絡

source admin-openstack.sh

openstack network create? --share --external \

? --provider-physical-network provider \

? --provider-network-type flat public

# --share 選項允許所有的項目使用虛擬網(wǎng)絡

# --external 選項將虛擬網(wǎng)絡定義為外部,如果你希望創(chuàng)建內(nèi)部網(wǎng)絡,則可以使用--internal。默認時internal

# --provider-physical-network為在ml2_conf.ini中配置的flat_networks。

# --provider-network-type flat 是網(wǎng)絡名稱

在網(wǎng)絡上創(chuàng)建子網(wǎng)

openstack subnet create --network public \

? --allocation-pool start=172.16.175.100,end=172.16.175.250 \

? --dns-nameserver 172.16.175.2 --gateway 172.16.175.2 \

? --subnet-range 172.16.175.0/24 public

# --subnet-range 使用CIDR表示法表示提供IP的子網(wǎng)

# start和end分別為要為實例分配IP的范圍

# --dns-nameserver 指定DNS解析的IP地址

# --gateway 網(wǎng)關(guān)地址

Self-service networks

創(chuàng)建自有網(wǎng)絡

source admin-openstack.sh

openstack network create selfservice

在網(wǎng)絡上創(chuàng)建子網(wǎng)

openstack subnet create --network selfservice \

? --dns-nameserver 8.8.8.8 --gateway 192.168.1.1 \

? --subnet-range 192.168.1.0/24 selfservice

創(chuàng)建路由

source demo-openstack.sh

openstack router create router

將自助網(wǎng)絡子網(wǎng)添加為路由器上的接口

openstack router add subnet router selfservice

在路由器上的提供商網(wǎng)絡上設置網(wǎng)關(guān)

openstack router set router --external-gateway public

驗證操作

列出網(wǎng)絡命名空間。您應該看到一個qrouter名稱空間和兩個 qdhcp名稱空間

source demo-openstack.sh

ip netns

列出路由器上的端口以確定提供商網(wǎng)絡上的網(wǎng)關(guān)IP地址

openstack port list --router router

創(chuàng)建實例配置類型

# 為虛擬機分配資源為1C64M 名為m1.nano的資源類型

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

配置秘鑰對

# 生成秘鑰文件

ssh-keygen -q -N ""

# openstack創(chuàng)建名為mykey的秘鑰

openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

# 查看秘鑰

openstack keypair list

添加安全策略

默認情況下,default安全組適用于所有實例。

# 允許icmp

openstack security group rule create --proto icmp default

# 允許22端口

openstack security group rule create --proto tcp --dst-port 22 default

啟動實例

Provider networks

確定實例選項

查看可用的配置類型

source? demo-openstack.sh

openstack flavor list

查看可用的鏡像

openstack image list

查看可用的網(wǎng)絡

openstack network list

查看可用的安全組

openstack security group list

啟動實例

openstack server create --flavor m1.nano --image cirros \

? --nic net-id=PROVIDER_NET_ID --security-group default \

? --key-name mykey provider-instance

# PROVIDER_NET_ID 為public網(wǎng)絡ID,如果選擇環(huán)境只包含一個網(wǎng)絡,則可以省略該--nic選項,因為OpenStack會自動選擇唯一可用的網(wǎng)絡。

檢查實例的狀態(tài)

openstack server list

使用虛擬控制臺訪問實例

openstack console url show provider-instance

Self-service networks

確定實例選項

查看可用的配置類型

source? demo-openstack.sh

openstack flavor list

查看可用的鏡像

openstack image list

查看可用的網(wǎng)絡

openstack network list

查看可用的安全組

openstack security group list

啟動實例

# 替換SELFSERVICE_NET_ID為selfservice網(wǎng)絡ID 。

openstack server create --flavor m1.nano --image cirros \

? --nic net-id=SELFSERVICE_NET_ID --security-group default \

? --key-name mykey selfservice-instance

檢查實例的狀態(tài)

openstack server list

使用虛擬控制臺訪問實例

openstack console url show provider-instance

horizon服務安裝

horizon服務需要基于 Apache HTTP服務和Memcached服務,我把這個服務安裝在控制節(jié)點,所以免去了這些服務的安裝,如果你要單獨部署,則需要安裝這些服務。

安裝和配置組件

安裝包

yum install openstack-dashboard -y

編輯 /etc/openstack-dashboard/local_settings 文件并完成以下操作

# 配置儀表板以在controller節(jié)點上使用OpenStack服務

OPENSTACK_HOST = "172.16.175.11"

# 配置允許訪問的主機列表

ALLOWED_HOSTS = ['*', 'two.example.com']

# 配置memcached會話存儲服務

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

? ? 'default': {

? ? ? ? ?'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

? ? ? ? ?'LOCATION': '172.16.175.11:11211',

? ? }

}

# 啟用Identity API版本3

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

# 啟用對域的支持

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

# 配置API版本

OPENSTACK_API_VERSIONS = {

? ? "identity": 3,

? ? "image": 2,

? ? "volume": 2,

}

# 配置Default為通過儀表板創(chuàng)建的用戶的默認域

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

# 配置user為您通過儀表板創(chuàng)建的用戶的默認角色

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "myrole"

# 如果選擇網(wǎng)絡選項1,請禁用對第3層網(wǎng)絡服務的支持

OPENSTACK_NEUTRON_NETWORK = {

? ? ...

? ? 'enable_router': False,

? ? 'enable_quotas': False,

? ? 'enable_distributed_router': False,

? ? 'enable_ha_router': False,

? ? 'enable_lb': False,

? ? 'enable_firewall': False,

? ? 'enable_***': False,

? ? 'enable_fip_topology_check': False,

}

# 配置時區(qū)

TIME_ZONE = "Asia/Shanghai"

/etc/httpd/conf.d/openstack-dashboard.conf如果未包含,請?zhí)砑右韵滦?。

WSGIApplicationGroup %{GLOBAL}

安裝完成

重新啟動Web服務器和memcached存儲服務:

systemctl restart httpd.service memcached.service

完成

本文名稱:openstackrocky版詳細搭建
文章位置:http://m.rwnh.cn/article48/jcghep.html

成都網(wǎng)站建設公司_創(chuàng)新互聯(lián),為您提供企業(yè)建站、建站公司網(wǎng)站改版、商城網(wǎng)站、網(wǎng)站制作App開發(fā)

廣告

聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請盡快告知,我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場,如需處理請聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時需注明來源: 創(chuàng)新互聯(lián)

h5響應式網(wǎng)站建設
漳浦县| 兰西县| 平凉市| 京山县| 常德市| 吴堡县| 鲜城| 浦城县| 淄博市| 六盘水市| 古丈县| 邹城市| 南漳县| 葫芦岛市| 策勒县| 伊吾县| 资中县| 营山县| 鄂伦春自治旗| 炉霍县| 通辽市| 水城县| 社会| 尉犁县| 芒康县| 舞阳县| 平安县| 赞皇县| 南木林县| 龙门县| 日照市| 古丈县| 巴塘县| 华坪县| 天气| 平邑县| 东港市| 南郑县| 怀柔区| 甘泉县| 嘉兴市|