Author: 李晓辉 (Li Xiaohui). Contact: WeChat: Lxh_Chat; email: 939958092@qq.com
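
Undercloud Overview

This post looks at the Director undercloud node in a Red Hat OpenStack Platform (RHOSP) deployment. The undercloud is the "steward" of an RHOSP deployment: its job is to install and manage the OpenStack overcloud. The work is done by the TripleO deployment service, which brings in OpenStack components such as Heat and Ansible playbooks to provision bare-metal systems and turn them into OpenStack cloud nodes.

The undercloud is the "parent" of the overcloud: it takes care of the overcloud's nodes, such as controller, compute and storage nodes. When those infrastructure nodes are built on physical hardware, the undercloud can also act as a "lifeguard" and help with recovery when hardware fails. Here, to make learning easier, the undercloud runs on a virtual machine. The undercloud contains several components: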
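
Identity service (Keystone): handles user authentication and authorization, but only for the OpenStack services inside the undercloud. Think of it as the "doorman".
Image service (Glance): the "warehouse" that stores the initial images to be deployed to bare-metal nodes. These images contain the Red Hat Enterprise Linux (RHEL) operating system, the KVM hypervisor and a container runtime.
Compute service (Nova): works hand in hand with the Bare Metal service. It introspects the available systems to learn their hardware attributes and then provisions the nodes. Its scheduler filters the available nodes so that the selected nodes meet the role requirements.
Bare Metal service (Ironic): manages and provisions physical machines. The ironic-inspector service PXE boots hardware that has not been registered yet and performs introspection. The undercloud also uses an out-of-band management interface (for example IPMI) for power management during introspection.
Orchestration service (Heat): provides a set of YAML templates and node roles that define the configuration and provisioning instructions for the overcloud deployment. The default orchestration templates are in /usr/share/openstack-tripleo-heat-templates; to change them, use environment parameter files.
Object Storage service (Swift): the undercloud's object store holds images, deployment logs and introspection results.
Networking service (Neutron): configures the interfaces for the required provisioning and external networks. The provisioning network provides DHCP and PXE boot to the bare-metal nodes; the external network provides public connectivity.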
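
In short, the undercloud is the capable steward that keeps everything about the overcloud in order. If you want to understand an RHOSP deployment in depth, the undercloud is a key piece you cannot skip.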
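
Viewing the Undercloud

When the undercloud installation finishes, the installer places a stackrc file in the stack user's home directory. This file is the key that gives you access to the services on the undercloud.

The stackrc file is sourced automatically from the stack user's .bashrc and carries admin access to the undercloud. With it loaded, you act on the undercloud services as an administrator.

One especially important variable in the file is OS_AUTH_URL, which points to the public endpoint of the undercloud Identity service. It tells the client tools where to find the authentication service, and that is how they reach the rest of the undercloud services.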

(undercloud) [stack@director ~]$ source stackrc

Listing the services

(undercloud) [stack@director ~]$ openstack service list
+----------------------------------+------------------+-------------------------+
| ID                               | Name             | Type                    |
+----------------------------------+------------------+-------------------------+
| 2a08c08cc51a4f299536fc66e4b748b6 | nova             | compute                 |
| 313b7a22ef534d3fa367f50d7c9e2754 | mistral          | workflowv2              |
| 417c10b71acb4c1aa40169e251b3d16d | zaqar-websocket  | messaging-websocket     |
| 4d957e71f3284818b3a0617218f446bd | neutron          | network                 |
| 6402d082e73a459c93d5e0b70783b7e5 | placement        | placement               |
| 6f778463089446f49905f6842c25d92e | ironic-inspector | baremetal-introspection |
| 7aa774aa28c344e49aa9eb01de4900ec | zaqar            | messaging               |
| a4158e3f67a1472cb0798ebc979e4e3a | ironic           | baremetal               |
| a822dfa8c6da4695a702b46e38d0077d | heat             | orchestration           |
| ba7910222ac042c6a847a9a3c3c5074a | glance           | image                   |
| bd92462118c042a1a55967372b4b695f | keystone         | identity                |
| d9a5f802093d48958acb7f6e857f0384 | swift            | object-store            |
+----------------------------------+------------------+-------------------------+

Listing the endpoints

(undercloud) [stack@director ~]$ openstack endpoint list -c 'Service Type' -c 'Interface' -c 'URL'
+-------------------------+-----------+----------------------------------------------------+
| Service Type            | Interface | URL                                                |
+-------------------------+-----------+----------------------------------------------------+
| placement               | internal  | http://172.25.249.202:8778/placement               |
| image                   | internal  | http://172.25.249.202:9292                         |
| baremetal               | internal  | http://172.25.249.202:6385                         |
| messaging-websocket     | admin     | ws://172.25.249.202:9000                           |
| placement               | admin     | http://172.25.249.202:8778/placement               |
| identity                | admin     | http://172.25.249.202:35357                        |
| compute                 | internal  | http://172.25.249.202:8774/v2.1                    |
| identity                | public    | https://172.25.249.201:13000                       |
| baremetal-introspection | admin     | http://172.25.249.202:5050                         |
| messaging               | internal  | http://172.25.249.202:8888                         |
| baremetal               | public    | https://172.25.249.201:13385                       |
| messaging-websocket     | internal  | ws://172.25.249.202:9000                           |
| image                   | admin     | http://172.25.249.202:9292                         |
| orchestration           | internal  | http://172.25.249.202:8004/v1/%(tenant_id)s        |
| placement               | public    | https://172.25.249.201:13778/placement             |
| image                   | public    | https://172.25.249.201:13292                       |
| compute                 | admin     | http://172.25.249.202:8774/v2.1                    |
| orchestration           | public    | https://172.25.249.201:13004/v1/%(tenant_id)s      |
| object-store            | public    | https://172.25.249.201:13808/v1/AUTH_%(tenant_id)s |
| orchestration           | admin     | http://172.25.249.202:8004/v1/%(tenant_id)s        |
| baremetal-introspection | internal  | http://172.25.249.202:5050                         |
| network                 | admin     | http://172.25.249.202:9696                         |
| network                 | public    | https://172.25.249.201:13696                       |
| workflowv2              | admin     | http://172.25.249.202:8989/v2                      |
| baremetal               | admin     | http://172.25.249.202:6385                         |
| messaging-websocket     | public    | wss://172.25.249.201:9000                          |
| object-store            | admin     | http://172.25.249.202:8080                         |
| identity                | internal  | http://172.25.249.202:5000                         |
| workflowv2              | public    | https://172.25.249.201:13989/v2                    |
| messaging               | admin     | http://172.25.249.202:8888                         |
| messaging               | public    | https://172.25.249.201:13888                       |
| workflowv2              | internal  | http://172.25.249.202:8989/v2                      |
| compute                 | public    | https://172.25.249.201:13774/v2.1                  |
| network                 | internal  | http://172.25.249.202:9696                         |
| object-store            | internal  | http://172.25.249.202:8080/v1/AUTH_%(tenant_id)s   |
| baremetal-introspection | public    | https://172.25.249.201:13050                       |
+-------------------------+-----------+----------------------------------------------------+
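
An added example, not part of the original post: in the listing above every public endpoint uses https or wss on 172.25.249.201, while the internal and admin endpoints on 172.25.249.202 use plain http or ws. The Python sketch below parses the table text and groups the non-TLS endpoints by interface; SAMPLE is a constructed six-row excerpt of that listing and the function names are chosen for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: six rows taken from the endpoint listing on this page.
SAMPLE = """\
+-------------------------+-----------+------------------------------+
| Service Type            | Interface | URL                          |
+-------------------------+-----------+------------------------------+
| identity                | admin     | http://172.25.249.202:35357  |
| identity                | public    | https://172.25.249.201:13000 |
| identity                | internal  | http://172.25.249.202:5000   |
| messaging-websocket     | public    | wss://172.25.249.201:9000    |
| messaging-websocket     | admin     | ws://172.25.249.202:9000     |
| baremetal               | internal  | http://172.25.249.202:6385   |
+-------------------------+-----------+------------------------------+
"""

TLS_SCHEMES = {"https", "wss"}


def parse_endpoints(table):
    """Yield (service_type, interface, url) from `openstack endpoint list` table text."""
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Border and header rows have no URL in the third cell and are skipped.
        if len(cells) == 3 and "://" in cells[2]:
            yield tuple(cells)


def plaintext_endpoints(table):
    """Group endpoints whose URL scheme is not TLS-protected, keyed by interface."""
    result = defaultdict(list)
    for service, interface, url in parse_endpoints(table):
        parts = urlsplit(url)
        if parts.scheme not in TLS_SCHEMES:
            result[interface].append((service, parts.hostname, parts.port))
    return dict(result)


if __name__ == "__main__":
    for interface, items in sorted(plaintext_endpoints(SAMPLE).items()):
        for service, host, port in items:
            print(f"{interface:9} {service:24} {host}:{port} (no TLS)")
```

Feeding it the full table shows which listeners depend on the provisioning network staying isolated, because nothing on those ports is encrypted in transit.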

Listing the service passwords

(undercloud) [stack@director ~]$ cat undercloud-passwords.conf
[auth]
undercloud_admin_password: B7Hk2yX2zly2tKwDrVh3TGFjp
undercloud_admin_token: B88pjtnpb7ch1bCMLUJqLdGAj
undercloud_aodh_password: LKNMhUQNwhmapU74r8k8Llraw
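
Viewing the Undercloud Network

Overcloud nodes are prepared and deployed over a dedicated, high-throughput provisioning network, using DHCP and PXE boot. This dedicated network is a "private lane" reserved for configuring and deploying nodes quickly.

After the overcloud has been deployed, the undercloud keeps using the provisioning network to manage the overcloud nodes and to update them when needed. The provisioning network is isolated: it is completely separate from the overcloud's internal traffic and from external workload traffic, so they do not interfere with each other. That keeps the overcloud more stable and easier to manage.

Put simply, the undercloud gives the overcloud nodes a "fast lane" that speeds up deployment and lets management happen quietly in the background without affecting other traffic.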

(undercloud) [stack@director ~]$ cat undercloud.conf | egrep -v "(^#.*|^$)"
[DEFAULT]
container_images_file = /home/stack/containers-prepare-parameter.yaml
custom_env_files = /home/stack/custom-undercloud-params.yaml
enable_telemetry = false
generate_service_certificate = false
hieradata_override = /home/stack/hieradata.yaml
local_interface = eth1
local_ip = 172.25.249.200/24
overcloud_domain_name = overcloud.example.com
undercloud_admin_host = 172.25.249.202
undercloud_debug = false
undercloud_ntp_servers = 172.25.254.254
undercloud_public_host = 172.25.249.201
undercloud_service_certificate = /etc/pki/tls/certs/undercloud.pem
[ctlplane-subnet]
cidr = 172.25.249.0/24
dhcp_end = 172.25.249.59
dhcp_start = 172.25.249.51
gateway = 172.25.249.200
inspection_iprange = 172.25.249.150,172.25.249.180
masquerade = true
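
An added example, not part of the original post: a Python check that the addressing in this undercloud.conf is consistent, namely that the DHCP and inspection ranges lie inside the ctlplane CIDR, do not overlap each other, and do not contain the undercloud's own addresses. SAMPLE is a constructed excerpt of the file above, and check_ctlplane is a name chosen for this example.

```python
import configparser
import ipaddress

# Constructed sample: the addressing keys from the undercloud.conf shown on this page.
SAMPLE = """\
[DEFAULT]
local_ip = 172.25.249.200/24
undercloud_admin_host = 172.25.249.202
undercloud_public_host = 172.25.249.201
[ctlplane-subnet]
cidr = 172.25.249.0/24
dhcp_start = 172.25.249.51
dhcp_end = 172.25.249.59
inspection_iprange = 172.25.249.150,172.25.249.180
"""


def check_ctlplane(text, subnet="ctlplane-subnet"):
    """Return a list of addressing problems in the provisioning-network settings."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    sub, ip = cfg[subnet], ipaddress.ip_address
    net = ipaddress.ip_network(sub["cidr"])
    # Addresses the undercloud itself holds on br-ctlplane.
    fixed = {k: ip(cfg["DEFAULT"][k].split("/")[0])
             for k in ("local_ip", "undercloud_admin_host", "undercloud_public_host")}
    ranges = {
        "dhcp": (ip(sub["dhcp_start"]), ip(sub["dhcp_end"])),
        "inspection": tuple(ip(a.strip()) for a in sub["inspection_iprange"].split(",")),
    }
    problems = []
    for name, (lo, hi) in ranges.items():
        if lo > hi or lo not in net or hi not in net:
            problems.append(f"{name} range is not an ordered range inside {net}")
        for key, addr in fixed.items():
            if lo <= addr <= hi:
                problems.append(f"{key} {addr} is inside the {name} range")
    (d_lo, d_hi), (i_lo, i_hi) = ranges["dhcp"], ranges["inspection"]
    if d_lo <= i_hi and i_lo <= d_hi:
        problems.append("dhcp and inspection ranges overlap")
    return problems


if __name__ == "__main__":
    print(check_ctlplane(SAMPLE) or "provisioning ranges are consistent")
```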

A brief listing of the IP addresses: the br-ctlplane bridge is on the 172.25.249.0 provisioning network, and the eth0 interface is on the 172.25.250.0 public network.

(undercloud) [stack@director ~]$ ip -br address
lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             172.25.250.200/24 fe80::1f21:2be6:7500:dfef/64
eth1             UP             fe80::5054:ff:fe00:f9c8/64
ovs-system       DOWN
br-int           DOWN
br-ctlplane      UNKNOWN        172.25.249.200/24 172.25.249.202/32 172.25.249.201/32 fe80::5054:ff:fe00:f9c8/64

Viewing the br-ctlplane network range

(undercloud) [stack@director ~]$ openstack subnet show ctlplane-subnet
+-------------------+-----------------------------+
| Field             | Value                       |
+-------------------+-----------------------------+
| allocation_pools  | 172.25.249.51-172.25.249.59 |
| cidr              | 172.25.249.0/24             |
| created_at        | 2020-10-22T09:22:35Z        |
| description       |                             |
| dns_nameservers   |                             |
| enable_dhcp       | True                        |
| gateway_ip        | 172.25.249.200
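
Viewing Provisioning Resources

During initial hardware provisioning, the Bare Metal service uses IPMI to power on the managed nodes. By default, the nodes then PXE boot: they request a temporary IP address from the DHCP server, fetch the temporary kernel and ramdisk images used for booting, and start the network boot.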

Viewing the PXE images

(undercloud) [stack@director ~]$ openstack image list
+--------------------------------------+------------------------+--------+
| ID                                   | Name                   | Status |
+--------------------------------------+------------------------+--------+
| da2b80ea-5ffc-400c-bc0c-82b04facad9e | overcloud-full         | active |
| 9826607c-dff5-45b0-b0c4-78c44b8665e9 | overcloud-full-initrd  | active |
| bc188e61-99c5-4d32-8c32-e1e3d467149d | overcloud-full-vmlinuz | active |
+--------------------------------------+------------------------+--------+

overcloud-full
overcloud-full-initrd
overcloud-full-vmlinuz
These images work together to make sure the OpenStack environment boots and runs properly.

Listing the registered nodes

(undercloud) [stack@director ~]$ openstack baremetal node list -c Name -c 'Power State' -c 'Provisioning State'
+-------------+-------------+--------------------+
| Name        | Power State | Provisioning State |
+-------------+-------------+--------------------+
| controller0 | None        | active             |
| compute0    | None        | active             |
| computehci0 | None        | active             |
| compute1    | None        | active             |
| ceph0       | None        | active             |
+-------------+-------------+--------------------+
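
Power Management on the Undercloud

In a typical overcloud deployment, most nodes are real physical machines such as blade or rack servers. They all offer a lights-out network management interface through which power can be switched remotely.

This course is a little different. It uses a software-based bare-metal controller interface to emulate those power management operations, so there is no need to touch physical hardware and it is easy to experiment in a learning environment.

When the Bare Metal service registers nodes, it loads all of their power management parameters. These parameters are read from a configuration file named instackenv-initial.json. Put simply, the file is the "manual" that tells the Bare Metal service how to control each node's power.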

(undercloud) [stack@director ~]$ cat instackenv-initial.json
{
  "nodes": [
    {
      "name": "controller0",
      "arch": "x86_64",
      "cpu": "2",
      "disk": "40",
      "memory": "8192",
      "mac": [ "52:54:00:00:f9:01" ],
      "pm_addr": "172.25.249.101",
      "pm_type": "pxe_ipmitool",
      "pm_user": "admin",
      "pm_password": "password",
      "pm_port": "623",
      "capabilities": "node:controller0,boot_option:local"
    },

Performing IPMI Power Management

First, look up the IPMI addresses.

(undercloud) [stack@director ~]$ cat instackenv-initial.json | jq '.nodes[] | {name: .name, pm_addr: .pm_addr, pm_user: .pm_user, pm_password: .pm_password}'
{
  "name": "controller0",
  "pm_addr": "172.25.249.101",
  "pm_user": "admin",
  "pm_password": "password"
}
{
  "name": "compute0",
  "pm_addr": "172.25.249.102",
  "pm_user": "admin",
  "pm_password": "password"
}
{
  "name": "computehci0",
  "pm_addr": "172.25.249.106",
  "pm_user": "admin",
  "pm_password": "password"
}
{
  "name": "compute1",
  "pm_addr": "172.25.249.112",
  "pm_user": "admin",
  "pm_password": "password"
}
{
  "name": "ceph0",
  "pm_addr": "172.25.249.103",
  "pm_user": "admin",
  "pm_password": "password"
}

Power operation commands

(undercloud) [stack@director ~]$ ipmitool -I lanplus -U admin -P password -H 172.25.249.101 power status
(undercloud) [stack@director ~]$ openstack baremetal node power on ceph0
(undercloud) [stack@director ~]$ openstack baremetal node power off ceph0
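
An added example, not part of the original post: instackenv-initial.json and undercloud-passwords.conf hold credentials in clear text, every node above shares admin/password, and the ipmitool command passes the password with -P where it shows up in the process list. The Python sketch below flags weak or shared BMC credentials without echoing them, checks a credential file's mode, and builds an ipmitool call that uses -E with the IPMI_PASSWORD environment variable instead. SAMPLE is a constructed two-node excerpt, and the WEAK deny-list and function names are hypothetical.

```python
import json
import os
import stat
from collections import defaultdict

# Constructed sample with the credential fields shown on this page (two nodes).
SAMPLE = """{"nodes": [
  {"name": "controller0", "pm_addr": "172.25.249.101", "pm_user": "admin",
   "pm_password": "password", "pm_port": "623"},
  {"name": "compute0", "pm_addr": "172.25.249.102", "pm_user": "admin",
   "pm_password": "password", "pm_port": "623"}
]}"""

# Hypothetical deny-list for this example; replace it with your own.
WEAK = {"password", "admin", "changeme"}


def audit_nodes(doc):
    """Return (finding, node_names) pairs; the secrets themselves are never returned."""
    findings, seen = [], defaultdict(list)
    for node in doc["nodes"]:
        seen[(node["pm_user"], node["pm_password"])].append(node["name"])
        if node["pm_password"].lower() in WEAK:
            findings.append(("weak-password", [node["name"]]))
    for names in seen.values():
        if len(names) > 1:
            findings.append(("shared-credential", sorted(names)))
    return findings


def too_open(path):
    """True if group or others have any access to a credential file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def ipmi_call(node, *command):
    """Build argv and env so the password travels in IPMI_PASSWORD (-E), not in argv."""
    argv = ["ipmitool", "-I", "lanplus", "-H", node["pm_addr"], "-p", node["pm_port"],
            "-U", node["pm_user"], "-E", *command]
    return argv, {**os.environ, "IPMI_PASSWORD": node["pm_password"]}


if __name__ == "__main__":
    doc = json.loads(SAMPLE)
    for kind, names in audit_nodes(doc):
        print(kind, ", ".join(names))
    print(" ".join(ipmi_call(doc["nodes"][0], "power", "status")[0]))
```

Pass the returned pair to subprocess.run(argv, env=env) on the undercloud, and run too_open against stackrc, undercloud-passwords.conf and instackenv-initial.json.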