红帽全球峰会7.4. 将网络服务用于 RHOSO 数据平面
将现有 Red Hat OpenStack Platform 中的 Networker 服务部署到 OpenShift (RHOSO)数据平面上的 Red Hat OpenStack Services 中。Networker 服务可以在 Controller 节点或专用 Networker 节点上运行。您决定要在 Networker 节点上运行哪些服务,并为 Networker 节点创建单独的 OpenStackDataPlaneNodeSet 自定义资源(CR)。如果选项适用于您的环境,您可能还决定实现以下选项:
-
根据您的拓扑,您可能需要在节点上运行
neutron-metadata服务,特别是为 Compute 节点上托管的 SR-IOV 端口提供元数据时。 -
如果要在 Networker 节点上运行 OVN 网关服务,请在要部署的列表中保留
ovn服务。 -
可选:您可以在 Networker 节点上运行
neutron-dhcp服务,而不是在 Compute 节点上运行。除非部署使用 DHCP 转发或 dnsmasq 支持的高级 DHCP 选项,否则您可能不需要将neutron-dhcp与 OVN DHCP 实施一起使用。
当节点设置为 OVN chassis 网关时,将现有 Red Hat OpenStack Platform 部署中的每个 Controller 或 Networker 节点采用到 OpenShift 上的 Red Hat OpenStack Services (RHOSO)。任何参数设置为 enable-chassis-as-gw 的节点都被视为 OVN 网关机箱。在这种情况下,此类节点将在使用后成为 edpm 网络器节点。
检查运行
OVN Controller 网关代理的节点。代理列表因您启用的服务而异:$ oc exec openstackclient -- openstack network agent list +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | e5075ee0-9dd9-4f0a-a42a-6bbdf1a6111c | OVN Controller Gateway agent | controller-0.localdomain | | XXX | UP | ovn-controller | | f3112349-054c-403a-b00a-e219238192b8 | OVN Controller agent | compute-0.localdomain | | XXX | UP | ovn-controller | | af9dae2d-1c1c-55a8-a743-f84719f6406d | OVN Metadata agent | compute-0.localdomain | | XXX | UP | neutron-ovn-metadata-agent | | 51a11df8-a66e-47a2-aec0-52eb8589626c | OVN Controller Gateway agent | controller-1.localdomain | | XXX | UP | ovn-controller | | bb817e5e-7832-410a-9e67-934dac8c602f | OVN Controller Gateway agent | controller-2.localdomain | | XXX | UP | ovn-controller | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+
先决条件
定义 shell 变量。根据上面的代理列表输出,controller-0、controller-1、controller-2 是我们的目标主机。如果您有
Controller和Networker节点都运行 networker 服务,那么请在下面添加所有这些主机。declare -A networkers networkers+=( ["controller-0.localdomain"]="192.168.122.100" ["controller-1.localdomain"]="192.168.122.101" ["controller-2.localdomain"]="192.168.122.102" # ... )-
根据您的环境,将
["<node-name>"]="192.168.122.100"替换为相应 Networker 或 Controller 节点的名称和 IP 地址。
-
根据您的环境,将
流程
为您的节点部署
OpenStackDataPlaneNodeSetCR:注意您可以重复使用为 Compute 节点指定的
OpenStackDataPlaneNodeSetCR 中的大多数nodeTemplate部分。您可以省略一些变量,因为 Networker 节点上运行的一组有限服务。$ oc apply -f - <<EOF apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: openstack-networker spec: tlsEnabled: false1 networkAttachments: - ctlplane preProvisioned: true services: - redhat - bootstrap - download-cache - configure-network - validate-network - install-os - configure-os - ssh-known-hosts - run-os - install-certs - ovn env: - name: ANSIBLE_CALLBACKS_ENABLED value: "profile_tasks" - name: ANSIBLE_FORCE_COLOR value: "True" nodes: controller-0: hostName: controller-0 ansible: ansibleHost: ${networkers[controller-0.localdomain]} networks: - defaultRoute: true fixedIP: ${networkers[controller-0.localdomain]} name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 controller-1: hostName: controller-1 ansible: ansibleHost: ${networkers[controller-1.localdomain]} networks: - defaultRoute: true fixedIP: ${networkers[controller-1.localdomain]} name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 controller-2: hostName: controller-2 ansible: ansibleHost: ${networkers[controller-2.localdomain]} networks: - defaultRoute: true fixedIP: ${networkers[controller-2.localdomain]} name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 nodeTemplate: ansibleSSHPrivateKeySecret: dataplane-adoption-secret ansible: ansibleUser: root ansibleVarsFrom: - secretRef: name: subscription-manager - secretRef: name: redhat-registry ansibleVars: rhc_release: 9.2 rhc_repositories: - {name: "*", state: disabled} - {name: "rhel-9-for-x86_64-baseos-eus-rpms", state: enabled} - {name: "rhel-9-for-x86_64-appstream-eus-rpms", state: enabled} - {name: "rhel-9-for-x86_64-highavailability-eus-rpms", state: enabled} - {name: "rhoso-18.0-for-rhel-9-x86_64-rpms", state: enabled} - {name: "fast-datapath-for-rhel-9-x86_64-rpms", state: enabled} - {name: "rhceph-7-tools-for-rhel-9-x86_64-rpms", state: enabled} edpm_bootstrap_release_version_package: [] # edpm_network_config # Default nic config template for a EDPM node # These vars are edpm_network_config role vars edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes }} members: - type: interface name: nic1 mtu: {{ min_viable_mtu }} # force the MAC address of the bridge to this interface primary: true {% for network in nodeset_networks %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} edpm_network_config_hide_sensitive_logs: false # # These vars are for the network config templates themselves and are # considered EDPM network defaults. neutron_physical_bridge_name: br-ctlplane neutron_public_interface_name: eth0 # edpm_nodes_validation edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false # edpm ovn-controller configuration edpm_ovn_bridge_mappings: <bridge_mappings>2 edpm_ovn_bridge: br-int edpm_ovn_encap_type: geneve ovn_monitor_all: true edpm_ovn_remote_probe_interval: 60000 edpm_ovn_ofctrl_wait_before_clear: 8000 # serve as a OVN gateway edpm_enable_chassis_gw: true3 timesync_ntp_servers: - hostname: clock.redhat.com - hostname: clock2.redhat.com gather_facts: false enable_debug: false # edpm firewall, change the allowed CIDR if needed edpm_sshd_configure_firewall: true edpm_sshd_allowed_ranges: ['192.168.122.0/24'] # SELinux module edpm_selinux_mode: enforcing # Do not attempt OVS major upgrades here edpm_ovs_packages: - openvswitch3.3 EOF在采用前,请确保在 Networker 节点中使用的
OpenStackDataPlaneNodeSetCR 中使用相同的ovn-controller设置。此配置存储在 Open vSwitch 数据库的Open_vSwitch表中的external_ids列中:ovs-vsctl list Open . ... external_ids : {hostname=controller-0.localdomain, ovn-bridge=br-int, ovn-bridge-mappings=<bridge_mappings>, ovn-chassis-mac-mappings="datacentre:1e:0a:bb:e6:7c:ad", ovn-cms-options=enable-chassis-as-gw, ovn-encap-ip="172.19.0.100", ovn-encap-tos="0", ovn-encap-type=geneve, ovn-match-northd-version=False, ovn-monitor-all=True, ovn-ofctrl-wait-before-clear="8000", ovn-openflow-probe-interval="60", ovn-remote="tcp:ovsdbserver-sb.openstack.svc:6642", ovn-remote-probe-interval="60000", rundir="/var/run/openvswitch", system-id="2eec68e6-aa21-4c95-a868-31aeafc11736"} ...-
将
<bridge_mappings> 替换为您的配置中网桥映射的值,如"datacentre:br-ctlplane"。
-
将
可选:在
OpenStackDataPlaneNodeSetCR 中启用neutron-metadata:$ oc patch openstackdataplanenodeset <networker_CR_name> --type='json' --patch='[ { "op": "add", "path": "/spec/services/-", "value": "neutron-metadata" }]'-
将
<networker_CR_name> 替换为您为 Networker 节点部署的 CR 名称,如openstack-networker。
-
将
可选:在
OpenStackDataPlaneNodeSetCR 中启用neutron-dhcp:$ oc patch openstackdataplanenodeset <networker_CR_name> --type='json' --patch='[ { "op": "add", "path": "/spec/services/-", "value": "neutron-dhcp" }]'为 Networker 节点运行
pre-adoption-validation服务:创建仅运行验证的
OpenStackDataPlaneDeploymentCR:$ oc apply -f - <<EOF apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneDeployment metadata: name: openstack-pre-adoption-networker spec: nodeSets: - openstack-networker servicesOverride: - pre-adoption-validation EOF验证完成后,确认 Ansible EE pod 的状态为
Completed:$ watch oc get pod -l app=openstackansibleee$ oc logs -l app=openstackansibleee -f --max-log-requests 20等待部署变为
Ready状态:$ oc wait --for condition=Ready openstackdataplanedeployment/openstack-pre-adoption-networker --timeout=10m
为 Networker 节点部署
OpenStackDataPlaneDeploymentCR:$ oc apply -f - <<EOF apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneDeployment metadata: name: openstack-networker spec: nodeSets: - openstack-networker EOF注意另外,在部署主
OpenStackDataPlaneDeploymentCR 前,您可以在nodeSets列表中包含 Networker 节点。您不能在部署后将新节点设置为OpenStackDataPlaneDeploymentCR。清理不再运行的任何网络服务(neutron)代理。
注意在某些情况下,来自被替换或停用的旧数据平面的代理保留在 RHOSO 中。提供的这些代理可能由 RHOSO 中运行的新代理提供,或者功能可能被其他组件替代。例如,可能不再需要 DHCP 代理,因为 RHOSO 中的 OVN DHCP 可以提供此功能。
列出代理:
$ oc exec openstackclient -- openstack network agent list +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | e5075ee0-9dd9-4f0a-a42a-6bbdf1a6111c | OVN Controller Gateway agent | controller-0.localdomain | | :-) | UP | ovn-controller | | 856960f0-5530-46c7-a331-6eadcba362da | DHCP agent | controller-1.localdomain | nova | XXX | UP | neutron-dhcp-agent | | 8bd22720-789f-45b8-8d7d-006dee862bf9 | DHCP agent | controller-2.localdomain | nova | XXX | UP | neutron-dhcp-agent | | e584e00d-be4c-4e98-a11a-4ecd87d21be7 | DHCP agent | controller-0.localdomain | nova | XXX | UP | neutron-dhcp-agent | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+如果列表中的任何代理在
Alive字段中显示XXX,请验证 Host 和 Agent Type,如果不再需要此代理,且代理已在 Red Hat OpenStack Platform 主机上永久停止。然后,删除代理:$ oc exec openstackclient -- openstack network agent <agent_id>-
将
<agent_id> 替换为要删除的代理 ID,例如856960f0-5530-46c7-a331-6eadcba362da。
-
将
验证
确认所有 Ansible EE pod 都到达
Completed状态:$ watch oc get pod -l app=openstackansibleee$ oc logs -l app=openstackansibleee -f --max-log-requests 20等待 data plane 节点设置为
Ready状态:$ oc wait --for condition=Ready osdpns/<networker_CR_name> --timeout=30m-
将
<networker_CR_name> 替换为您为 Networker 节点部署的 CR 名称,如openstack-networker。
-
将
验证 Networking 服务(neutron)代理是否正在运行。代理列表因您启用的服务而异:
$ oc exec openstackclient -- openstack network agent list +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+ | e5075ee0-9dd9-4f0a-a42a-6bbdf1a6111c | OVN Controller Gateway agent | controller-0.localdomain | | :-) | UP | ovn-controller | | f3112349-054c-403a-b00a-e219238192b8 | OVN Controller agent | compute-0.localdomain | | :-) | UP | ovn-controller | | af9dae2d-1c1c-55a8-a743-f84719f6406d | OVN Metadata agent | compute-0.localdomain | | :-) | UP | neutron-ovn-metadata-agent | | 51a11df8-a66e-47a2-aec0-52eb8589626c | OVN Controller Gateway agent | controller-1.localdomain | | :-) | UP | ovn-controller | | bb817e5e-7832-410a-9e67-934dac8c602f | OVN Controller Gateway agent | controller-2.localdomain | | :-) | UP | ovn-controller | +--------------------------------------+------------------------------+--------------------------+-------------------+-------+-------+----------------------------+
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}