3.2. Deploying back-end services


Create the OpenStackControlPlane custom resource (CR) with the basic back-end services deployed, and disable all the Red Hat OpenStack Platform (RHOSP) services. This CR is the foundation of the control plane.

Prerequisites

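  • The cloud that you want to adopt is running, and it is on the latest minor version of RHOSP 17.1.
  • All control plane and data plane hosts of the source cloud are running, and continue to run throughout the adoption procedure.
  • The openstack-operator is deployed, but OpenStackControlPlane is not deployed.
  • Install the OpenStack Operators. For more information, see Installing and preparing the Operators in Deploying Red Hat OpenStack Services on OpenShift.
  • If you enabled TLS everywhere (TLS-e) on the RHOSP environment, you must copy the tls root CA from the RHOSP environment to the rootca-internal issuer.
  • There are free PVs available for Galera and RabbitMQ.
  • Set the desired admin password for the control plane deployment. This can be the admin password from your original deployment or a different password: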

    ADMIN_PASSWORD=SomePassword

    To use the existing RHOSP deployment password:

    declare -A TRIPLEO_PASSWORDS
    TRIPLEO_PASSWORDS[default]="$HOME/overcloud-passwords.yaml"
    ADMIN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' AdminPassword:' | awk -F ': ' '{ print $2; }')
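  • Set the service password variables to match the original deployment. Database passwords can differ in the control plane environment, but you must synchronize the service account passwords.

    For example, in developer environments with director Standalone, the passwords can be extracted: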

    AODH_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' AodhPassword:' | awk -F ': ' '{ print $2; }')
    BARBICAN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' BarbicanPassword:' | awk -F ': ' '{ print $2; }')
    CEILOMETER_METERING_SECRET=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CeilometerMeteringSecret:' | awk -F ': ' '{ print $2; }')
    CEILOMETER_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CeilometerPassword:' | awk -F ': ' '{ print $2; }')
    CINDER_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CinderPassword:' | awk -F ': ' '{ print $2; }')
    GLANCE_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' GlancePassword:' | awk -F ': ' '{ print $2; }')
    HEAT_AUTH_ENCRYPTION_KEY=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatAuthEncryptionKey:' | awk -F ': ' '{ print $2; }')
    HEAT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatPassword:' | awk -F ': ' '{ print $2; }')
    HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatStackDomainAdminPassword:' | awk -F ': ' '{ print $2; }')
    IRONIC_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' IronicPassword:' | awk -F ': ' '{ print $2; }')
    MANILA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' ManilaPassword:' | awk -F ': ' '{ print $2; }')
    NEUTRON_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' NeutronPassword:' | awk -F ': ' '{ print $2; }')
    NOVA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' NovaPassword:' | awk -F ': ' '{ print $2; }')
    OCTAVIA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' OctaviaPassword:' | awk -F ': ' '{ print $2; }')
    PLACEMENT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' PlacementPassword:' | awk -F ': ' '{ print $2; }')
    SWIFT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' SwiftPassword:' | awk -F ': ' '{ print $2; }')
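
The grep and awk pipeline in the prerequisites returns an empty string when a key is absent from the password file, and the `oc set data` commands in the procedure would then write that empty value into osp-secret. As an added example (not part of the Red Hat procedure; the function names and the sample file are constructed), the following shell functions read a key strictly and report variables that are still empty, such as METADATA_SECRET, which the procedure uses but the extraction list does not set:

```shell
# Added example, not from the Red Hat procedure. Function names are hypothetical.

# Print the value of KEY ($2) from FILE ($1). Fails when the key is missing,
# appears more than once, or has an empty value.
get_tripleo_password() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k ": ") == 1 { n++; val = substr(line, length(k) + 3) }
        END { if (n != 1 || val == "") exit 1; print val }
    ' "$1"
}

# Print the names of the listed variables that are unset or empty.
# Returns non-zero when at least one is missing.
missing_vars() {
    missing=""
    for name in "$@"; do
        eval "value=\${$name:-}"   # names are fixed by the caller, not user input
        [ -n "$value" ] || missing="$missing $name"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Constructed sample standing in for overcloud-passwords.yaml (no real credentials).
PW_SAMPLE=$(mktemp)
trap 'rm -f "$PW_SAMPLE"' EXIT
cat > "$PW_SAMPLE" <<'EOF'
parameter_defaults:
  AdminPassword: constructed-admin
  NovaPassword: constructed: nova
  HeatPassword:
EOF

ADMIN_PASSWORD=$(get_tripleo_password "$PW_SAMPLE" AdminPassword) || echo "AdminPassword not usable" >&2
NOVA_PASSWORD=$(get_tripleo_password "$PW_SAMPLE" NovaPassword) || echo "NovaPassword not usable" >&2
HEAT_PASSWORD=$(get_tripleo_password "$PW_SAMPLE" HeatPassword) || echo "HeatPassword not usable" >&2

# METADATA_SECRET is never assigned here, so it is reported together with HEAT_PASSWORD.
missing_vars ADMIN_PASSWORD NOVA_PASSWORD HEAT_PASSWORD METADATA_SECRET ||
    echo "unset values found; do not update osp-secret yet" >&2
```
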

Procedure

  1. Ensure that you are using the Red Hat OpenShift Container Platform (RHOCP) namespace where you want to deploy the control plane:

    $ oc project openstack
  2. Create the RHOSP secret. For more information, see Providing secure access to the Red Hat OpenStack Services on OpenShift services in Deploying Red Hat OpenStack Services on OpenShift.
  3. If the $ADMIN_PASSWORD is different from the password that you set in osp-secret, amend the AdminPassword key in osp-secret:

    $ oc set data secret/osp-secret "AdminPassword=$ADMIN_PASSWORD"
  4. Set the service account passwords in osp-secret to match the service account passwords from the original deployment:

    $ oc set data secret/osp-secret "AodhPassword=$AODH_PASSWORD"
    $ oc set data secret/osp-secret "BarbicanPassword=$BARBICAN_PASSWORD"
    $ oc set data secret/osp-secret "CeilometerPassword=$CEILOMETER_PASSWORD"
    $ oc set data secret/osp-secret "CinderPassword=$CINDER_PASSWORD"
    $ oc set data secret/osp-secret "GlancePassword=$GLANCE_PASSWORD"
    $ oc set data secret/osp-secret "HeatAuthEncryptionKey=$HEAT_AUTH_ENCRYPTION_KEY"
    $ oc set data secret/osp-secret "HeatPassword=$HEAT_PASSWORD"
    $ oc set data secret/osp-secret "HeatStackDomainAdminPassword=$HEAT_STACK_DOMAIN_ADMIN_PASSWORD"
    $ oc set data secret/osp-secret "IronicPassword=$IRONIC_PASSWORD"
    $ oc set data secret/osp-secret "IronicInspectorPassword=$IRONIC_PASSWORD"
    $ oc set data secret/osp-secret "ManilaPassword=$MANILA_PASSWORD"
    $ oc set data secret/osp-secret "MetadataSecret=$METADATA_SECRET"
    $ oc set data secret/osp-secret "NeutronPassword=$NEUTRON_PASSWORD"
    $ oc set data secret/osp-secret "NovaPassword=$NOVA_PASSWORD"
    $ oc set data secret/osp-secret "OctaviaPassword=$OCTAVIA_PASSWORD"
    $ oc set data secret/osp-secret "PlacementPassword=$PLACEMENT_PASSWORD"
    $ oc set data secret/osp-secret "SwiftPassword=$SWIFT_PASSWORD"
  5. Deploy the OpenStackControlPlane CR. Ensure that you only enable the DNS, Galera, Memcached, and RabbitMQ services. All other services must be disabled:

    $ oc apply -f - <<EOF
    apiVersion: core.openstack.org/v1beta1
    kind: OpenStackControlPlane
    metadata:
      name: openstack
    spec:
      secret: osp-secret
      storageClass: <storage_class> # (1)

      barbican:
        enabled: false
        template:
          barbicanAPI: {}
          barbicanWorker: {}
          barbicanKeystoneListener: {}
    
      cinder:
        enabled: false
        template:
          cinderAPI: {}
          cinderScheduler: {}
          cinderBackup: {}
          cinderVolumes: {}
    
      dns:
        template:
          override:
            service:
              metadata:
                annotations:
                  metallb.universe.tf/address-pool: ctlplane
                  metallb.universe.tf/allow-shared-ip: ctlplane
                  metallb.universe.tf/loadBalancerIPs: 192.168.122.80 # (2)
              spec:
                type: LoadBalancer
          options:
          - key: server
            values:
            - 192.168.122.1
          replicas: 1
    
      glance:
        enabled: false
        template:
          glanceAPIs: {}
    
      heat:
        enabled: false
        template: {}
    
      horizon:
        enabled: false
        template: {}
    
      ironic:
        enabled: false
        template:
          ironicConductors: []
    
      keystone:
        enabled: false
        template: {}
    
      manila:
        enabled: false
        template:
          manilaAPI: {}
          manilaScheduler: {}
          manilaShares: {}
    
      galera:
        enabled: true
        templates:
          openstack:
            secret: osp-secret
            replicas: 3
            storageRequest: 5G
          openstack-cell1: # (3)
            secret: osp-secret
            replicas: 3
            storageRequest: 5G
          openstack-cell2:
            secret: osp-secret
            replicas: 1
            storageRequest: 5G
          openstack-cell3:
            secret: osp-secret
            replicas: 1
            storageRequest: 5G
      memcached:
        enabled: true
        templates:
          memcached:
            replicas: 3
    
      neutron:
        enabled: false
        template: {}
    
      nova:
        enabled: false
        template: {}
    
      ovn:
        enabled: false
        template:
          ovnController:
            networkAttachment: tenant
            nodeSelector:
              node: non-existing-node-name
          ovnNorthd:
            replicas: 0
          ovnDBCluster:
            ovndbcluster-nb:
              replicas: 3
              dbType: NB
              networkAttachment: internalapi
            ovndbcluster-sb:
              replicas: 3
              dbType: SB
              networkAttachment: internalapi
    
      placement:
        enabled: false
        template: {}
    
      rabbitmq:
        templates:
          rabbitmq:
            override:
              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.85
                spec:
                  type: LoadBalancer
          rabbitmq-cell1:
            persistence:
              storage: 5G
            override:
              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.86
    
                spec:
                  type: LoadBalancer
          rabbitmq-cell2:
            persistence:
              storage: 5G
            override:
              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.87
                spec:
                  type: LoadBalancer
          rabbitmq-cell3:
            persistence:
              storage: 5G
            override:
              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: internalapi
                    metallb.universe.tf/loadBalancerIPs: 172.17.0.88
                spec:
                  type: LoadBalancer
      telemetry:
        enabled: false
      tls: # (4)
        podLevel:
          enabled: false
        ingress:
          enabled: false
      swift:
        enabled: false
        template:
          swiftRing:
            ringReplicas: 1
          swiftStorage:
            replicas: 0
          swiftProxy:
            replicas: 1
    EOF
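
    (1) Select an existing <storage_class> in your RHOCP cluster.
    (2) Replace <loadBalancer_IP> with the LoadBalancer IP address.
    (3) This example provides the required infrastructure database and messaging services for 3 Compute cells named cell1, cell2, and cell3. Adjust the values for fields such as replicas, storage, or storageRequest for each Compute cell as needed.
    (4) If you enabled TLS-e in your RHOSP environment, set tls to the following in the spec:tls section:
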
    spec:
      ...
      tls:
        podLevel:
          enabled: true
          internal:
            ca:
              customIssuer: rootca-internal
          libvirt:
            ca:
              customIssuer: rootca-internal
          ovn:
            ca:
              customIssuer: rootca-internal
        ingress:
          ca:
            customIssuer: rootca-internal
          enabled: true

    Note

    If you use IPv6, change the load balancer IPs to the IPs in your environment, for example:

    ...
    metallb.universe.tf/allow-shared-ip: ctlplane
    metallb.universe.tf/loadBalancerIPs: fd00:aaaa::80
    ...
    metallb.universe.tf/address-pool: internalapi
    metallb.universe.tf/loadBalancerIPs: fd00:bbbb::85
    ...
    metallb.universe.tf/address-pool: internalapi
    metallb.universe.tf/loadBalancerIPs: fd00:bbbb::86
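
Step 5 requires that only DNS, Galera, Memcached, and RabbitMQ are enabled. As an added example (not Red Hat's code; the function name and the sample manifest are constructed, and the 2-space indentation of the manifest above is assumed), this check lists every block under spec that is neither one of those services nor explicitly disabled, and can be run against a saved copy of the manifest before `oc apply`:

```shell
# Added example, not from the Red Hat procedure. The function name is hypothetical.

# Print each block under spec: that is not one of the four back-end services
# and is not explicitly "enabled: false". A block without an enabled key is
# reported too, so the result does not depend on operator defaults.
# Assumes the 2-space indentation of the manifest in step 5.
unexpected_services() {
    awk '
        function report() {
            if (svc != "" && !(svc in allowed) && state != "false") print svc
        }
        BEGIN {
            # tls is a settings block, not a service, so it is skipped as well.
            n = split("dns galera memcached rabbitmq tls", a, " ")
            for (i = 1; i <= n; i++) allowed[a[i]] = 1
        }
        /^spec:/ { in_spec = 1; next }
        /^[^ #]/ { report(); svc = ""; in_spec = 0 }
        in_spec && /^  [A-Za-z]+:[ \t]*$/ {
            report(); svc = $1; sub(/:$/, "", svc); state = "unset"; next
        }
        in_spec && svc != "" && /^    enabled:/ { state = $2 }
        END { report() }
    ' "$1"
}

# Constructed manifest: keystone is enabled and nova has no enabled key.
CR_SAMPLE=$(mktemp)
trap 'rm -f "$CR_SAMPLE"' EXIT
cat > "$CR_SAMPLE" <<'EOF'
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
spec:
  secret: osp-secret
  barbican:
    enabled: false
  dns:
    template: {}
  galera:
    enabled: true
  keystone:
    enabled: true
  nova:
    template: {}
  tls:
    podLevel:
      enabled: false
EOF

unexpected_services "$CR_SAMPLE"   # lists keystone and nova
```
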

Verification

  • Verify that the Galera and RabbitMQ status is Running for all defined cells:

    $ RENAMED_CELLS="cell1 cell2 cell3"
    $ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}'
    $ oc get pod rabbitmq-server-0 -o jsonpath='{.status.phase}{"\n"}'
    $ for CELL in $(echo $RENAMED_CELLS); do
    >     oc get pod openstack-$CELL-galera-0 -o jsonpath='{.status.phase}{"\n"}'
    >     oc get pod rabbitmq-$CELL-server-0 -o jsonpath='{.status.phase}{"\n"}'
    > done

    The given cell names are later referenced by using the environment variable RENAMED_CELLS.

  • Ensure that the statuses of all the Rabbitmq and Galera CRs are Setup complete:

    $ oc get Rabbitmqs,Galera
    NAME                                                                  STATUS   MESSAGE
    rabbitmq.rabbitmq.openstack.org/rabbitmq                              True     Setup complete
    rabbitmq.rabbitmq.openstack.org/rabbitmq-cell1                        True     Setup complete
    
    NAME                                                               READY   MESSAGE
    galera.mariadb.openstack.org/openstack                             True     Setup complete
    galera.mariadb.openstack.org/openstack-cell1                       True     Setup complete
  • Verify that the OpenStackControlPlane CR is waiting for deployment of the openstackclient pod:

    $ oc get OpenStackControlPlane openstack
    NAME        STATUS    MESSAGE
    openstack   Unknown   OpenStackControlPlane Client not started