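3.2. Deploying back-end services
Create the OpenStackControlPlane custom resource (CR) with the basic back-end services deployed, and disable all the Red Hat OpenStack Platform (RHOSP) services. This CR is the foundation of the control plane.
Prerequisites
- The cloud that you want to adopt is running, and it is on the latest minor version of RHOSP 17.1.
- All control plane and data plane hosts of the source cloud are running, and continue to run throughout the adoption procedure.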
- The openstack-operator is deployed, but OpenStackControlPlane is not deployed.
- Install the OpenStack Operators. For more information, see Installing and preparing the Operators in Deploying Red Hat OpenStack Services on OpenShift.
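- If you enabled TLS everywhere (TLS-e) in the RHOSP environment, you must copy the tls root CA from the RHOSP environment to the rootca-internal issuer.
- There are free PVs available for Galera and RabbitMQ.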
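Set the desired admin password for the control plane deployment. This can be the admin password from your original deployment or a different password:

```
ADMIN_PASSWORD=SomePassword
```

To use the existing RHOSP deployment password:

```
declare -A TRIPLEO_PASSWORDS
TRIPLEO_PASSWORDS[default]="$HOME/overcloud-passwords.yaml"
ADMIN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' AdminPassword:' | awk -F ': ' '{ print $2; }')
```

Set the service password variables to match the original deployment. Database passwords can differ in the control plane environment, but you must synchronize the service account passwords.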
For example, in developer environments with director Standalone, the passwords can be extracted:

```
AODH_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' AodhPassword:' | awk -F ': ' '{ print $2; }')
BARBICAN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' BarbicanPassword:' | awk -F ': ' '{ print $2; }')
CEILOMETER_METERING_SECRET=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CeilometerMeteringSecret:' | awk -F ': ' '{ print $2; }')
CEILOMETER_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CeilometerPassword:' | awk -F ': ' '{ print $2; }')
CINDER_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' CinderPassword:' | awk -F ': ' '{ print $2; }')
GLANCE_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' GlancePassword:' | awk -F ': ' '{ print $2; }')
HEAT_AUTH_ENCRYPTION_KEY=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatAuthEncryptionKey:' | awk -F ': ' '{ print $2; }')
HEAT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatPassword:' | awk -F ': ' '{ print $2; }')
HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' HeatStackDomainAdminPassword:' | awk -F ': ' '{ print $2; }')
IRONIC_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' IronicPassword:' | awk -F ': ' '{ print $2; }')
MANILA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' ManilaPassword:' | awk -F ': ' '{ print $2; }')
NEUTRON_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' NeutronPassword:' | awk -F ': ' '{ print $2; }')
NOVA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' NovaPassword:' | awk -F ': ' '{ print $2; }')
OCTAVIA_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' OctaviaPassword:' | awk -F ': ' '{ print $2; }')
PLACEMENT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' PlacementPassword:' | awk -F ': ' '{ print $2; }')
SWIFT_PASSWORD=$(cat ${TRIPLEO_PASSWORDS[default]} | grep ' SwiftPassword:' | awk -F ': ' '{ print $2; }')
```
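A pre-flight check for the step that writes these variables into osp-secret, added here as an example and not part of the Red Hat procedure: it reports, by name only, any variable that is unset or blank, so that no empty value is passed to oc set data. One such case is METADATA_SECRET, which the oc set data commands later on this page read but the extraction commands above do not set. The function name missing_secret_vars and the REQUIRED_SECRET_VARS list are assumptions of this example.

```sh
# Added example (not from the product documentation).
# Variables read by the "oc set data secret/osp-secret" commands on this page.
REQUIRED_SECRET_VARS="ADMIN_PASSWORD AODH_PASSWORD BARBICAN_PASSWORD
CEILOMETER_PASSWORD CINDER_PASSWORD GLANCE_PASSWORD HEAT_AUTH_ENCRYPTION_KEY
HEAT_PASSWORD HEAT_STACK_DOMAIN_ADMIN_PASSWORD IRONIC_PASSWORD MANILA_PASSWORD
METADATA_SECRET NEUTRON_PASSWORD NOVA_PASSWORD OCTAVIA_PASSWORD
PLACEMENT_PASSWORD SWIFT_PASSWORD"

# Print the names (never the values) of the given variables that are unset,
# empty or whitespace-only.
# Returns 0 if every variable is populated, 1 if any is missing,
# 2 if an argument is not a valid shell variable name.
missing_secret_vars() {
    _missing=""
    for _name in "$@"; do
        # Accept only plain identifiers before the name reaches eval.
        case "$_name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $_name" >&2
                return 2 ;;
        esac
        eval "_value=\${$_name-}"
        # Strip whitespace so that a value of only blanks counts as missing.
        _value=$(printf '%s' "$_value" | tr -d '[:space:]')
        [ -n "$_value" ] || _missing="$_missing $_name"
    done
    _value=""   # do not leave the last secret in a helper variable
    [ -z "$_missing" ] && return 0
    printf '%s\n' "${_missing# }"
    return 1
}

# Usage before the "oc set data" commands:
#   missing_secret_vars $REQUIRED_SECRET_VARS || exit 1
```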
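Procedure
Ensure that you are using the Red Hat OpenShift Container Platform (RHOCP) namespace where you want your control plane to be deployed:

```
$ oc project openstack
```

Create the RHOSP secret. For more information, see Providing secure access to the Red Hat OpenStack Services on OpenShift services in Deploying Red Hat OpenStack Services on OpenShift.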
If $ADMIN_PASSWORD is different from the password that you set in osp-secret, amend the AdminPassword key in osp-secret:

```
$ oc set data secret/osp-secret "AdminPassword=$ADMIN_PASSWORD"
```

Set the service account passwords in osp-secret to match the service account passwords from the original deployment:

```
$ oc set data secret/osp-secret "AodhPassword=$AODH_PASSWORD"
$ oc set data secret/osp-secret "BarbicanPassword=$BARBICAN_PASSWORD"
$ oc set data secret/osp-secret "CeilometerPassword=$CEILOMETER_PASSWORD"
$ oc set data secret/osp-secret "CinderPassword=$CINDER_PASSWORD"
$ oc set data secret/osp-secret "GlancePassword=$GLANCE_PASSWORD"
$ oc set data secret/osp-secret "HeatAuthEncryptionKey=$HEAT_AUTH_ENCRYPTION_KEY"
$ oc set data secret/osp-secret "HeatPassword=$HEAT_PASSWORD"
$ oc set data secret/osp-secret "HeatStackDomainAdminPassword=$HEAT_STACK_DOMAIN_ADMIN_PASSWORD"
$ oc set data secret/osp-secret "IronicPassword=$IRONIC_PASSWORD"
$ oc set data secret/osp-secret "IronicInspectorPassword=$IRONIC_PASSWORD"
$ oc set data secret/osp-secret "ManilaPassword=$MANILA_PASSWORD"
$ oc set data secret/osp-secret "MetadataSecret=$METADATA_SECRET"
$ oc set data secret/osp-secret "NeutronPassword=$NEUTRON_PASSWORD"
$ oc set data secret/osp-secret "NovaPassword=$NOVA_PASSWORD"
$ oc set data secret/osp-secret "OctaviaPassword=$OCTAVIA_PASSWORD"
$ oc set data secret/osp-secret "PlacementPassword=$PLACEMENT_PASSWORD"
$ oc set data secret/osp-secret "SwiftPassword=$SWIFT_PASSWORD"
```

Deploy the OpenStackControlPlane CR. Ensure that you only enable the DNS, Galera, Memcached, and RabbitMQ services. All other services must be disabled:

```
$ oc apply -f - <<EOF
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
  name: openstack
spec:
  secret: osp-secret
  storageClass: <storage_class>

  barbican:
    enabled: false
    template:
      barbicanAPI: {}
      barbicanWorker: {}
      barbicanKeystoneListener: {}

  cinder:
    enabled: false
    template:
      cinderAPI: {}
      cinderScheduler: {}
      cinderBackup: {}
      cinderVolumes: {}

  dns:
    template:
      override:
        service:
          metadata:
            annotations:
              metallb.universe.tf/address-pool: ctlplane
              metallb.universe.tf/allow-shared-ip: ctlplane
              metallb.universe.tf/loadBalancerIPs: 192.168.122.80
          spec:
            type: LoadBalancer
      options:
      - key: server
        values:
        - 192.168.122.1
      replicas: 1

  glance:
    enabled: false
    template:
      glanceAPIs: {}

  heat:
    enabled: false
    template: {}

  horizon:
    enabled: false
    template: {}

  ironic:
    enabled: false
    template:
      ironicConductors: []

  keystone:
    enabled: false
    template: {}

  manila:
    enabled: false
    template:
      manilaAPI: {}
      manilaScheduler: {}
      manilaShares: {}

  galera:
    enabled: true
    templates:
      openstack:
        secret: osp-secret
        replicas: 3
        storageRequest: 5G
      openstack-cell1:
        secret: osp-secret
        replicas: 3
        storageRequest: 5G
      openstack-cell2:
        secret: osp-secret
        replicas: 1
        storageRequest: 5G
      openstack-cell3:
        secret: osp-secret
        replicas: 1
        storageRequest: 5G

  memcached:
    enabled: true
    templates:
      memcached:
        replicas: 3

  neutron:
    enabled: false
    template: {}

  nova:
    enabled: false
    template: {}

  ovn:
    enabled: false
    template:
      ovnController:
        networkAttachment: tenant
        nodeSelector:
          node: non-existing-node-name
      ovnNorthd:
        replicas: 0
      ovnDBCluster:
        ovndbcluster-nb:
          replicas: 3
          dbType: NB
          networkAttachment: internalapi
        ovndbcluster-sb:
          replicas: 3
          dbType: SB
          networkAttachment: internalapi

  placement:
    enabled: false
    template: {}

  rabbitmq:
    templates:
      rabbitmq:
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.85
            spec:
              type: LoadBalancer
      rabbitmq-cell1:
        persistence:
          storage: 1G
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.86
            spec:
              type: LoadBalancer
      rabbitmq-cell2:
        persistence:
          storage: 1G
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.87
            spec:
              type: LoadBalancer
      rabbitmq-cell3:
        persistence:
          storage: 1G
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.88
            spec:
              type: LoadBalancer

  telemetry:
    enabled: false

  tls:
    podLevel:
      enabled: false
    ingress:
      enabled: false

  swift:
    enabled: false
    template:
      swiftRing:
        ringReplicas: 1
      swiftStorage:
        replicas: 0
      swiftProxy:
        replicas: 1
EOF
```

If you enabled TLS-e in your RHOSP environment, set the tls section of the spec to the following:

```
spec:
  ...
  tls:
    podLevel:
      enabled: true
      internal:
        ca:
          customIssuer: rootca-internal
      libvirt:
        ca:
          customIssuer: rootca-internal
      ovn:
        ca:
          customIssuer: rootca-internal
    ingress:
      ca:
        customIssuer: rootca-internal
      enabled: true
```

Note: If you use IPv6, change the load balancer IPs to the IPs in your environment, for example:

```
...
metallb.universe.tf/allow-shared-ip: ctlplane
metallb.universe.tf/loadBalancerIPs: fd00:aaaa::80
...
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/loadBalancerIPs: fd00:bbbb::85
...
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/loadBalancerIPs: fd00:bbbb::86
```

Verification
Verify that the Galera and RabbitMQ status is Running for all defined cells:

```
$ RENAMED_CELLS="cell1 cell2 cell3"
$ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}'
$ oc get pod rabbitmq-server-0 -o jsonpath='{.status.phase}{"\n"}'
$ for CELL in $(echo $RENAMED_CELLS); do
>   oc get pod openstack-$CELL-galera-0 -o jsonpath='{.status.phase}{"\n"}'
>   oc get pod rabbitmq-$CELL-server-0 -o jsonpath='{.status.phase}{"\n"}'
> done
```

The given cell names are later referred to by using the environment variable RENAMED_CELLS. During the database migration, the Nova cells are renamed. The RENAMED_CELLS variable represents the new cell names that are used in the RHOSO deployment.

Ensure that the statuses of all the Rabbitmq and Galera CRs are Setup complete:

```
$ oc get Rabbitmqs,Galera
NAME                                             STATUS   MESSAGE
rabbitmq.rabbitmq.openstack.org/rabbitmq         True     Setup complete
rabbitmq.rabbitmq.openstack.org/rabbitmq-cell1   True     Setup complete

NAME                                           READY   MESSAGE
galera.mariadb.openstack.org/openstack         True    Setup complete
galera.mariadb.openstack.org/openstack-cell1   True    Setup complete
```

Verify that the OpenStackControlPlane CR is waiting for the deployment of the openstackclient pod:

```
$ oc get OpenStackControlPlane openstack
NAME        STATUS    MESSAGE
openstack   Unknown   OpenStackControlPlane Client not started
```