项目背景
1.实验室服务器闲置
2.日常使用时对实验环境需求过大。单台使用不便
3.
部署环境规划
简单架构示意
项目目标
1. 实现容器化部署docker+ Ansible+openstack-tarin
2. 使用keeplived监控nova服务实现在单台服务器宕机的情况下能迅速切断连接减轻平台负载
3. HAprox+Keepalived实现集群的负载均衡和高可用(部署)
4. 部署采用自动化部署工具kolla
5. 采用源码方式部署openstack(所有组件服务的源码均存放在对应容器的根下,方便二次开发)
6. Docker镜像托管至harbor私有仓库做docker备份以及镜像源
7. 系统采用centos-2009版本(禁止使用最小化版本CentOS-7-x86_64-Minimal-2009.iso)
8. 将控制节点资源加入计算服务,此处注意在nova配额时需保留6核12g的资源来保证controller节点的正常运行
9. Freezer备份服务无法引入,环境存储资源不足
10. 部署mariadb高可用(2主)
11. 双控制节点保证基础服务的高可用
12. Neutron服务高可用
13. Kolla支持节点扩展所以本手册适用于拥有2台及以上服务器的实际生产环境
14. 使用Grafana+prometheus对主机进行监控前期准备
部署所需组件
部署
6 关闭防火墙,selinux=disabled
网卡配置
Enp8s0(网卡名称根据实际情况修改)
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp8s0
UUID=55ae341f-82d5-4656-89ce-a5bed15ee1b6
DEVICE=enp8s0
ONBOOT=yes
IPADDR=172.16.10.104
PREFIX=24
GATEWAY=172.16.10.1
DNS1=8.8.8.8
IPV6_PRIVACY=noEnp9s0(网卡名称根据实际情况修改)
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp9s0
UUID=f240ab63-3b6a-4103-9620-7798e4e70445
DEVICE=enp9s0
ONBOOT=no
IPV6_PRIVACY=no第一张网卡配置为静态地址且连接网络
第二张网卡配置为激活状态无ip模式none
所有节点均配置
Hosts配置
172.16.10.104 controller
172.16.10.105compute01
172.16.10.106 compute02所有节点均配置且需要修改对应hostname
hostnamectl set-hostname controller
hostnamectl set-hostname compute01
hostnamectl set-hostname compute02手动配置免密登录(所有节点都需执行)
ssh-keygen
ssh-copy-id compute01
ssh-copy-id compute02
ssh-copy-id controller所有节点开启ssh公钥允许登录 /etc/ssh/sshd_config
PubkeyAuthentication yes重启服务
systemctl restart sshdHarbor仓库安装
选择在存储容量较大的一台服务器安装harbor
1.解压文件harbor-offline-installer-v2.1.5.tgz
tar -xvf harbor-offline-installer-v2.1.5.tgz2.docker-ce安装(所有节点都需安装)
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
(docekr版本使用稳定版,手动指定安装) yum install -y docker-ce-19.03.13-3.el7 docker-ce-cli-19.03.13-3.el7 containerd.io
systemctl start docker
systemctl enable docker
docker version
3.docker-compose安装(所有节点安装)
scp docker-compose-Linux-x86_64 compute01:/root/
scp docker-compose-Linux-x86_64 compute02:/root/
mv docker-compose-Linux-x86_64 docker-compose
chmod +x docker-compose
mv docker-compose /usr/bin/
docker-compose -v4.修改harbor.yal.tmpl文件 (进入解压后的harbor文件夹)
修改默认端口为82
注释掉https所有选项否则无法安装
Hostname:当前主机ip(不可用127.0.0.1)
harbor_admin_password: (登录密码)
5.安装仓库
mv harbor.yml.tmpl harbor.yml
./install.sh通过浏览器访问172.16.10.104:82
6.在harbor创建公开项目openstack-train
7.将所有镜像导入docker
使用脚本docker-image-load.sh
注意镜像存放路径/mnt/kollaimage
chmod +x docker-image-load.sh
./docker-image-load.sh推送过程较长
8.推送至harbor仓库
在所有节点添加配置
vim /etc/docker/daemon.json
{
"registry-mirrors": [],
"insecure-registries": ["172.16.10.104:82"],
"debug": true,
"experimental": false
}重启dockerr
systemctl daemon-reload
systemctl restart docker使用脚本docker_image_push.sh进行推送
安装所需包(所有节点) ansible
yum install -y python-devel libffi-devel gcc openssl-devel libselinux-python
yum install -y epel-release
yum install -y python-pip
yum install -y ansible配置阿里云pip源(所有节点)安装pip
mkdir ~/.pip
cat > ~/.pip/pip.conf << EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=https://mirrors.aliyun.com/pypi/simple/
EOF
pip install -U pip
yum install -y wget
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
python2.7 get-pip.py
pip install --ignore-installed requests安装 kolla-ansible(控制节点)
pip install pbr
pip install kolla-ansible==9.1.0 --ignore-installed PyYAML复制 kolla-ansible配置文件到当前环境(controller)
mkdir -p /etc/kolla
chown $USER:$USER /etc/kolla
cp -r /usr/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
cp /usr/share/kolla-ansible/ansible/inventory/* .修改ansible配置文件(contoller)
cat << EOF | sed -i '/^\[defaults\]$/ r /dev/stdin' /etc/ansible/ansible.cfg
host_key_checking=False
pipelining=True
forks=100
EOF后端存储Ceph部署(此次为三节点)
在所有节点配置YUM:
配置系统源码,阿里基础源和epel源:
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repoYUM优先级别:
yum -y install yum-plugin-priorities.noarch所有配置ceph源:
cat << EOF | tee /etc/yum.repos.d/ceph.repo
[Ceph]
name=Ceph packages for $basearch
baseurl=http://mirrors.163.com/ceph/rpm-nautilus/el7/\$basearch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[Ceph-noarch]
name=Ceph noarch packages
baseurl=http://mirrors.163.com/ceph/rpm-nautilus/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[ceph-source]
name=Ceph source packages
baseurl=http://mirrors.163.com/ceph/rpm-nautilus/el7/SRPMS
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
EOF在所有集群和客户端节点安装Ceph
所有节点安装
yum -y install cephceph -v命令查看版本:
若报错urllib3无法安装可先删除后重装(无报错则无需执行)
pip uninstall urllib3在controller节点额外安装ceph-deploy
yum -y install ceph-deploy部署MON节点
创建目录生成配置文件
mkdir cluster
cd cluster
ceph-deploy new controller compute01 compute02初始化密钥
ceph-deploy mon create-initial将ceph.client.admin.keyring拷贝到各个节点上
ceph-deploy --overwrite-conf admin controller compute01 compute02查看是否配置成功。
ceph -s
部署MGR节点
ceph-deploy mgr create controller compute01 compute02查看MGR是否部署成功
部署OSD节点
ceph-deploy osd create --data /dev/sdb controller
ceph-deploy osd create --data /dev/sdb compute01
ceph-deploy osd create --data /dev/sdb compute02创建成功后,查看是否正常
配置ansible剧本(contoller)
1.使用剧本multinode文件配置三计算二控制
2.检查inventory配置是否正确,执行:
ansible -i multinode all -m ping3.生成openstack组件用到的密码,该操作会填充/etc/kolla/passwords.yml,该文件中默认参数为空。
kolla-genpwd- 修改keystone_admin_password,可以修改为自定义的密码方便后续horizon登录,这里改为kolla。
sed -i 's#keystone_admin_password:.*#keystone_admin_password: cqcet12345#g' /etc/kolla/passwords.yml
cat /etc/kolla/passwords.yml | grep keystone_admin_password注意:/etc/kolla/passwords.yml 为openstack各组件服务密码
5.修改全局配置文件globals.yml,该文件用来控制安装哪些组件,以及如何配置组件,由于全部是注释,这里直接追加进去,也可以逐个找到对应项进行修改。
cp /etc/kolla/globals.yml{,.bak}
cat >> /etc/kolla/globals.yml <<EOF
# Kolla options
kolla_base_distro: "centos"
kolla_install_type: "source"
openstack_release: "train"
kolla_internal_vip_address: "172.16.10.107" #漂移ip通过本IP访问dashboard此ip为网段中任意一可用IP(不能与服务器ip重复)
# Docker options
docker_registry: "172.16.10.104:82" #harborr仓库地址
docker_namespace: "openstack-train" #harbor项目地址
# Neutron - Networking Options
network_interface: "enp8s0"
neutron_external_interface: "enp9s0" #无ip的网卡用于绑定内部网络
neutron_plugin_agent: "openvswitch"
enable_neutron_provider_networks: "yes"
# OpenStack services
enable_cinder: "yes"
enable_heat: "yes"
enable_ceph: “no”
nova_backend_ceph: "yes"
glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
EOFceph为对接openstack做准备
修改ceph配置文件
osd_journal_size = 10000
osd_pool_default_size = 2
osd_pool_default_pg_num = 512
osd_pool_default_pgp_num = 512
rbd_default_features = 3
mon_max_pg_per_osd =2000
mon_allow_pool_delete=true
实验环境使用二副本存储(性能考虑),实际生产环境建议三副本数环境资源不足建议单副本
osd_pool_default_size = 3推送配置
ceph-deploy --overwrite-conf config push controller compute01 compute02重启所有节点
systemctl restart ceph-mon@controller && systemctl restart ceph-mon@compute01 && systemctl restart ceph-mon@compute02创建对应存储池并初始化
ceph osd pool create glance-images 128
ceph osd pool create cinder-bakcups 128
ceph osd pool create cinder-volumes 128
ceph osd pool create nova-vms 128
rbd pool init glance-images
rbd pool init cinder-bakcups
rbd pool init cinder-volumes
rbd pool init nova-vms
ceph接入后端图解
Glance(写入配置文件和创建ceph用户)
1.创建目录
mkdir -p /etc/kolla/config/glance2..为 glance-api.conf 配置RBD 后端
编辑 /etc/kolla/config/glance/glance-api.conf 加入如下配置:
[DEFAULT]
show_image_direct_url = True
[glance_store]
stores = rbd
default_store = rbd
rbd_store_pool = glance-images
rbd_store_user = glance
rbd_store_ceph_conf = /etc/ceph/ceph.conf3.拷贝ceph集群配置文件(/etc/ceph/ceph.conf)到 /etc/kolla/config/glance/ceph.conf
4.生成ceph.client.glance.keyring文件,并保存到 /etc/kolla/config/glance 目录
在controller节点执行命令:
ceph auth get-or-create client.glance mon 'allow rwx' osd 'allow class-read object_prefix rbd_children, allow rwx pool=glance-images' > /etc/kolla/config/glance/ceph.client.glance.keyringCinder(写入配置文件和创建ceph用户)
1.创建目录
mkdir -p /etc/kolla/config/cinder- 编辑 /etc/kolla/config/cinder/cinder-volume.conf,并配置如下内容:
[DEFAULT]
enabled_backends=rbd-1
[rbd-1]
rbd_ceph_conf=/etc/ceph/ceph.conf
rbd_user=cinder
rbd_pool=cinder-volumes
volume_backend_name=rbd-1
volume_driver=cinder.volume.drivers.rbd.RBDDriver
rbd_secret_uuid = 46398d03-1670-4f1c-850b-ccf355490a32 #在kolla配置文件夹下password.yml里找到- 编辑 /etc/kolla/config/cinder/cinder-backup.conf,并配置如下内容:
[DEFAULT]
backup_ceph_conf=/etc/ceph/ceph.conf
backup_ceph_user=cinder-backup
backup_ceph_chunk_size = 134217728
backup_ceph_pool=cinder-backups
backup_driver = cinder.backup.drivers.ceph
backup_ceph_stripe_unit = 0
backup_ceph_stripe_count = 0
restore_discard_excess_bytes = true- 拷贝ceph的配置文件(/etc/ceph/ceph.conf)到 /etc/kolla/config/cinder
- 生成 ceph.client.cinder.keyring 文件
在/etc/kolla/config/cinder/创建目录
mkdir cinder-backup
mkdir cinder-volume在 controller 节点运行:
ceph auth get-or-create client.cinder mon 'allow rwx' osd 'allow class-read object_prefix rbd_children, allow rwx pool=cinder-volumes, allow rwx pool=nova-vms ,allow rwx pool=glance-images' > /etc/kolla/config/cinder/cinder-volume/ceph.client.cinder.keyringcp /etc/kolla/config/cinder/cinder-volume/ceph.client.cinder.keyring /etc/kolla/config/cinder/cinder-backup 在controller继续运行
ceph auth get-or-create client.cinder-backup mon 'allow rwx' osd 'allow class-read object_prefix rbd_children, allow rwx pool=cinder-bakcups' > /etc/kolla/config/cinder/cinder-backup/ceph.client.cinder-backup.keyringNova (写入配置文件和创建ceph用户)
1.创建目录
mkdir -p /etc/kolla/config/nova- 编辑 /etc/kolla/config/nova/nova-compute.conf ,配置如下内容:
[libvirt]
images_rbd_pool=nova-vms
images_type=rbd
images_rbd_ceph_conf=/etc/ceph/ceph.conf
rbd_user=nova- 生成 ceph.client.nova.keyring 文件
Controller节点执行
ceph auth get-or-create client.nova mon 'allow rwx' osd 'allow class-read object_prefix rbd_children, allow rwx pool=nova-vms' > /etc/kolla/config/nova/ceph.client.nova.keyring拷贝ceph.conf, 和cinder client keyring 到 /etc/kolla/config/nova
平台部署与环境初始化
预配置,安装docker、docker sdk、关闭防火墙、配置时间同步等
为各节点配置基础环境且会下载大量rpm包请务必保证节点网络的正常
kolla-ansible -i ./multinode bootstrap-servers执行实际部署,拉取镜像,运行对应组件容器‘
kolla-ansible -i ./multinode deploy安装完成后通过vip访问web界面此处为172.16.10.150为负载均衡ip入口
Grafana+prometheus
Grafana(监控界面提供)
查找镜像
docker search grafana/grafana拉取容器镜像
docker pull grafana/grafana查看容器
docker images启动容器
docker run -d --name grafana -p 3000:3000 grafana/grafana:masterGrafana的配置文件为:(/etc/grafana/grafana.ini),进入容器:docker exec -it grafana bash
http://ip:3000
注意:默认用户和密码:admin:admin
访问:
Prometheus(监控信息提供)
快速开始
拉取容器镜像
docker pull prom/node-exporter
docker pull prom/prometheus启动node-exporter:这个exporter是采集主机信息的
docker run -d -p 9100:9100 \
-v "/proc:/host/proc:ro" \
-v "/sys:/host/sys:ro" \
-v "/:/rootfs:ro" \
--net="host" \
prom/node-exporter访问url
http://ip:9100/metrics新建目录prometheus,编辑配置文件prometheus.yml
mkdir /home/prometheus
cd /home/prometheus
vim prometheus.yml
global:
scrape_interval: 60s
evaluation_interval: 60s
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
labels:
instance: prometheus
- job_name: linux
static_configs:
- targets: ['172.16.10.104:9100']
labels:
instance: localhost启动prometheus
docker run -d \
-p 9090:9090 \
-v /home/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml \
prom/prometheus访问url
http://ip:9090/graph访问targets
http://ip:9090/targets快速使用
Name名字写Prometheus
如果有type 的话选择Prometheus,因为数据都从它那里获取
URL输入Prometheus的ip+端口
点击下面的Save & Test,如果出现绿色的,说明ok了
2.节点扩展
在其他节点执行
docker pull prom/node-exporter启动node-exporter
docker run -d -p 9100:9100 \
-v "/proc:/host/proc:ro" \
-v "/sys:/host/sys:ro" \
-v "/:/rootfs:ro" \
--net="host" \
prom/node-exporter创建节点配置文件nodes-linux.yaml
- targets:
- 172.16.10.105:9100
labels:
app: node-exporter
job: node
- targets:
- 172.16.10.105:9100
labels:
app: node-exporter
job: node复制进入容器内(没有对应文件夹则进入容器创建)
docker cp nodes-linux.yaml 60e529177213:/etc/prometheus/targets/重启容器
docker restart 60e529177213查看节点信息
http:// ip:9090/targets
3、配置Grafana数据展示模板
http://ip:3000/
至此Prometheus和Grafana已经打通了,接下来需要添加个图形模板以便展示数据。
输入模板号
点击load
访问http://ip:3000/如下
下篇文章补充平台测试部分,并对文章格式进行调整
