红帽全球峰会6.5. 创建分布式 control plane
定义 OpenStackControlPlane 自定义资源(CR)来执行以下任务:
- 创建分布式 control plane。
- 在 OpenShift (RHOSO)服务中启用 Red Hat OpenStack Services。
以下流程会创建一个 control plane,该服务 pod 默认分散到所有区中。存储服务覆盖默认服务 pod 放置,以调度特定区域中的 cinderVolumes、cinderBackup、glanceAPI 和 manilaShares 服务 pod。在添加所需的所有自定义前,您可以使用 control plane 对问题进行故障排除并测试环境。您可以在部署的环境中添加服务自定义。有关如何在部署后自定义 control plane 的更多信息,请参阅自定义 Red Hat OpenStack Services on OpenShift 部署指南。
注意
-
以下服务示例将默认 RHOSO MetalLB
IPAddressPool范围内的 IP 地址用于loadBalancerIPs字段。使用您在 为 BGP 的 RHOSO 网络 VIPS 准备 RHOCP 时创建的 IP 地址,更新loadBalancerIPs字段。 -
您可以使用
topologyRef字段将每个服务的 pod 放置到特定区中。如果没有指定,pod 会在区间自动均匀分布。
先决条件
-
您已为环境中的特定区创建了
TopologyCR。如需更多信息,请参阅 为特定区创建TopologyCR。 -
您已创建了
TopologyCR,将 pod 分散到所有区中。如需更多信息,请参阅创建将 pod 分散到所有区的TopologyCR。
流程
在工作站上创建一个名为
distributed_control_plane.yaml的文件,以定义OpenStackControlPlaneCR:apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: distributed-control-plane namespace: openstack指定在创建时的服务 pod 会在分布式区环境中的区间分布:
apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: distributed-control-plane namespace: openstack spec: topologyRef: name: spread-pods指定您创建的
SecretCR,以便在提供对 OpenShift 服务上的 Red Hat OpenStack Services 的安全访问权限时提供对 RHOSO 服务 pod 的安全访问 :spec: ... secret: osp-secret指定您为 Red Hat OpenShift Container Platform (RHOCP)集群存储后端创建的
storageClass:spec: ... storageClass: <RHOCP_storage_class>-
将
<RHOCP_storage_class> 替换为您为 RHOCP 集群存储后端创建的存储类。有关存储类的详情,请参考 创建存储类。
-
将
如果使用 Red Hat Ceph Storage,请定义需要访问 Red Hat Ceph Storage secret 的区和服务:
extraMounts: - extraVol: - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph-az1 readOnly: true propagation: - az1 - CinderBackup volumes: - name: ceph-az1 projected: sources: - secret: name: ceph-conf-files-az1 - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph-az2 readOnly: true propagation: - az2 volumes: - name: ceph-az2 projected: sources: - secret: name: ceph-conf-files-az2 - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph-az3 readOnly: true propagation: - az3 volumes: - name: ceph-az3 projected: sources: - secret: name: ceph-conf-files-az3配置块存储服务(cinder)。
如果您在 Red Hat Ceph Storage 中使用块存储服务,请添加以下配置:
cinder: template: customServiceConfig: | [DEFAULT] storage_availability_zone = az1,az2,az3 databaseInstance: openstack secret: osp-secret cinderAPI: replicas: 3 override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer cinderScheduler: replicas: 1 cinderBackup: customServiceConfig: | [DEFAULT] backup_driver = cinder.backup.drivers.ceph.CephBackupDriver backup_ceph_conf = /etc/ceph/az1.conf backup_ceph_pool = backups backup_ceph_user = openstack networkAttachments: - storage replicas: 1 topologyRef: name: zone1-node-affinity cinderVolumes: az1: customServiceConfig: | [DEFAULT] enabled_backends = ceph glance_api_servers = https://glance-az1-internal.openstack.svc:9292 [ceph] volume_backend_name = ceph volume_driver = cinder.volume.drivers.rbd.RBDDriver rbd_ceph_conf = /etc/ceph/az1.conf rbd_user = openstack rbd_pool = volumes rbd_flatten_volume_from_snapshot = False rbd_secret_uuid = 7fd06e2a-a3e4-49fa-980c-1ed0865d2886 rbd_cluster_name = az1 backend_availability_zone = az1 topologyRef: name: zone1-node-affinity networkAttachments: - storage replicas: 1 az2: customServiceConfig: | [DEFAULT] enabled_backends = ceph glance_api_servers = https://glance-az2-internal.openstack.svc:9292 [ceph] volume_backend_name = ceph volume_driver = cinder.volume.drivers.rbd.RBDDriver rbd_ceph_conf = /etc/ceph/az2.conf rbd_user = openstack rbd_pool = volumes rbd_flatten_volume_from_snapshot = False rbd_secret_uuid = d4596afb-43f2-4e5d-a204-bc38a3485dc3 rbd_cluster_name = az2 backend_availability_zone = az2 topologyRef: name: zone2-node-affinity networkAttachments: - storage replicas: 1 az3: customServiceConfig: | [DEFAULT] enabled_backends = ceph glance_api_servers = https://glance-az3-internal.openstack.svc:9292 [ceph] volume_backend_name = ceph volume_driver = cinder.volume.drivers.rbd.RBDDriver rbd_ceph_conf = /etc/ceph/az3.conf rbd_user = openstack rbd_pool = volumes rbd_flatten_volume_from_snapshot = False rbd_secret_uuid = 1c348616-c493-4369-91f2-a55e4f404fbe rbd_cluster_name = az3 backend_availability_zone = az3 topologyRef: name: zone3-node-affinity networkAttachments: - storage replicas: 1如果您将块存储服务与第三方存储搭配使用,请添加以下配置:在本例中,您可以使用 NetApp 在三个可用区(AZ)中配置
cinderVolumes:cinder: apiOverride: route: haproxy.router.openshift.io/timeout: 60s template: customServiceConfig: | [DEFAULT] storage_availability_zone = az1 cinderAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 cinderBackup: customServiceConfig: | [DEFAULT] # TODO: networkAttachments: - storage replicas: 0 topologyRef: name: azone-node-affinity cinderScheduler: replicas: 1 cinderVolumes: ontap-iscsi-az1: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az1-internal.openstack.svc:9292 [ontap-az1] backend_availability_zone = az1 volume_backend_name=ontap-az1 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=10.0.0.5 netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az1 topologyRef: name: azone-node-affinity ontap-iscsi-az2: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az2-internal.openstack.svc:9292 [ontap-az2] backend_availability_zone = az2 volume_backend_name=ontap-az2 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=10.0.0.6 netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az2 topologyRef: name: bzone-node-affinity ontap-iscsi-az3: customServiceConfig: | [DEFAULT] glance_api_servers = https://glance-az3-internal.openstack.svc:9292 [ontap-az3] backend_availability_zone = az3 volume_backend_name=ontap-az3 volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver netapp_server_hostname=10.0.0.7 netapp_server_port=80 netapp_storage_protocol=iscsi netapp_storage_family=ontap_cluster consistencygroup_support=True customServiceConfigSecrets: - cinder-volume-secrets-az3 topologyRef: name: czone-node-affinity databaseInstance: openstack preserveJobs: false secret: osp-secret在本例中,
cinderBackup下的块存储备份服务被禁用。如果您需要块存储备份服务:- 增加副本数。
-
将
topologyRef设置为在相关的 AZ 中运行备份服务。 -
为适当的后端设置
customServiceConfig,如 配置持久性存储 中的 存储后端 中所述。
配置 Compute 服务(nova):
nova: template: apiServiceTemplate: replicas: 3 override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer metadataServiceTemplate: replicas: 3 override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer schedulerServiceTemplate: replicas: 3 cellTemplates: cell0: cellDatabaseAccount: nova-cell0 cellDatabaseInstance: openstack cellMessageBusInstance: rabbitmq hasAPIAccess: true cell1: cellDatabaseAccount: nova-cell1 cellDatabaseInstance: openstack-cell1 cellMessageBusInstance: rabbitmq-cell1 conductorServiceTemplate: replicas: 1 noVNCProxyServiceTemplate: enabled: true networkAttachments: - ctlplane hasAPIAccess: true secret: osp-secret为数据平面配置 DNS 服务:
dns: template: options: - key: server values: - 192.168.122.1 - key: server values: - 192.168.122.2 override: service: metadata: annotations: metallb.universe.tf/address-pool: ctlplane metallb.universe.tf/allow-shared-ip: ctlplane metallb.universe.tf/loadBalancerIPs: 192.168.122.80 spec: type: LoadBalancer replicas: 2-
template.options:使用键值对定义每个 DNS 服务器所需的 dnsmasq 实例。在本例中,定义了两个键值对,因为有两个 DNS 服务器配置为将请求转发到。 template.options.key:指定为部署的 dnsmasq 实例自定义的 dnsmasq 参数。设置为以下有效值之一:-
server -
rev-server -
srv-host -
txt-record -
ptr-record -
rebind-domain-ok -
naptr-record -
CNAME -
host-record -
caa-record -
dns-rr -
auth-zone -
synth-domain -
no-negcache -
local
-
-
template.options.values: 指定 dnsmasq 参数的值。您可以将通用 DNS 服务器指定为值,如1.1.1.1或特定域的 DNS 服务器,例如/google.com/8.8.8.8。
-
配置 Identity 服务(keystone):
keystone: template: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer databaseInstance: openstack secret: osp-secret replicas: 3配置镜像服务(glance)。
如果您将镜像服务与 Red Hat Ceph Storage 搭配使用,请配置以下内容:
glance: template: databaseInstance: openstack glanceAPIs: az1: customServiceConfig: | [DEFAULT] enabled_import_methods = [web-download,copy-image,glance-direct] enabled_backends = az1:rbd [glance_store] default_backend = az1 [az1] rbd_store_ceph_conf = /etc/ceph/az1.conf store_description = "az1 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.81 spec: type: LoadBalancer replicas: 2 topologyRef: name: zone1-node-affinity type: edge az2: customServiceConfig: | [DEFAULT] enabled_import_methods = [web-download,copy-image,glance-direct] enabled_backends = az1:rbd,az2:rbd [glance_store] default_backend = az2 [az2] rbd_store_ceph_conf = /etc/ceph/az2.conf store_description = "az2 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True [az1] rbd_store_ceph_conf = /etc/ceph/az1.conf store_description = "az1 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.82 spec: type: LoadBalancer replicas: 2 topologyRef: name: zone2-node-affinity type: edge az3: customServiceConfig: | [DEFAULT] enabled_import_methods = [web-download,copy-image,glance-direct] enabled_backends = az1:rbd,az3:rbd [glance_store] default_backend = az3 [az3] rbd_store_ceph_conf = /etc/ceph/az3.conf store_description = "az3 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True [az1] rbd_store_ceph_conf = /etc/ceph/az1.conf store_description = "az1 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.83 spec: type: LoadBalancer replicas: 2 topologyRef: name: zone3-node-affinity type: edge default: customServiceConfig: | [DEFAULT] enabled_import_methods = [web-download,copy-image,glance-direct] enabled_backends = az1:rbd,az2:rbd,az3:rbd [glance_store] default_backend = az1 [az1] rbd_store_ceph_conf = /etc/ceph/az1.conf store_description = "az1 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True [az2] rbd_store_ceph_conf = /etc/ceph/az2.conf store_description = "az2 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True [az3] rbd_store_ceph_conf = /etc/ceph/az3.conf store_description = "az3 RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 type: split keystoneEndpoint: default storage: storageClass: local-storage storageRequest: 10G uniquePodNames: true如果您将镜像服务与第三方存储搭配使用,请配置以下内容:在本例中,您有三个 AZ,您使用块存储服务作为镜像服务的后端。您可以为每个 AZ 创建单独的
glanceAPI服务器集,它使用多存储写入多个块存储服务后端。如果您将多存储配置为使用块存储服务作为其后端,当完成创建 control plane 时的步骤 25,因为您必须在创建 control plane 时为cinder-volume服务创建卷类型。本例使用块存储服务 iSCSI 来存储镜像服务镜像,它可以支持多路径,以及
cinder_use_multipath和cinder_do_extend_attached等多路径选项。如果您正在使用的存储协议或者您的环境不支持多路径,请不要使用这些选项。glanceAPIs: az1: customServiceConfig: | [DEFAULT] enabled_backends = az1:cinder enabled_import_methods = [web-download,copy-image,glance-direct] [glance_store] default_backend = az1 [az1] store_description = AZ1 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az1 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.81 spec: type: LoadBalancer replicas: 2 topologyRef: name: azone-node-affinity type: edge az2: customServiceConfig: | [DEFAULT] enabled_backends = az1:cinder,az2:cinder [glance_store] default_backend = az2 [az2] store_description = AZ2 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az2 [az1] store_description = AZ1 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az1 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.82 spec: type: LoadBalancer replicas: 2 topologyRef: name: bzone-node-affinity type: edge az3: customServiceConfig: | [DEFAULT] enabled_backends = az1:cinder,az3:cinder [glance_store] default_backend = az3 [az3] store_description = AZ3 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az3 [az1] store_description = AZ1 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az1 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.83 spec: type: LoadBalancer replicas: 2 topologyRef: name: czone-node-affinity type: edge default: customServiceConfig: | [DEFAULT] enabled_backends = az1:cinder,az2:cinder,az3:cinder [glance_store] default_backend = az1 [az1] store_description = AZ1 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az1 [az2] store_description = AZ2 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az2 [az3] store_description = AZ3 NetApp iscsi cinder backend cinder_store_auth_address = {{ .KeystoneInternalURL }} cinder_store_user_name = {{ .ServiceUser }} cinder_store_password = {{ .ServicePassword }} cinder_store_project_name = service cinder_catalog_info = volumev3::internalURL cinder_use_multipath = true cinder_do_extend_attached = true cinder_volume_type = glance-ontap-az3
配置密钥管理服务(barbican):
barbican: template: databaseInstance: openstack secret: osp-secret barbicanAPI: replicas: 3 override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer barbicanWorker: replicas: 3 barbicanKeystoneListener: replicas: 1配置网络服务(neutron):
neutron: template: customServiceConfig: | [DEFAULT] vlan_transparent = true debug = true [ovs] igmp_snooping_enable = true databaseInstance: openstack networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 secret: osp-secret确保 Object Storage 服务(swift)已禁用:
swift: enabled: false配置 OVN:
ovn: template: ovnController: external-ids: enable-chassis-as-gateway: false networkAttachment: tenant nicMappings: datacentre: ospbr ovnDBCluster: ovndbcluster-nb: dbType: NB networkAttachment: internalapi replicas: 3 storageRequest: 10G ovndbcluster-sb: dbType: SB networkAttachment: internalapi replicas: 3 storageRequest: 10G ovnNorthd: networkAttachment: internalapi配置放置服务(placement):
placement: template: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer databaseInstance: openstack replicas: 3 secret: osp-secret配置 Telemetry 服务(ceilometer、prometheus):
telemetry: enabled: true template: metricStorage: enabled: true dashboardsEnabled: true dataplaneNetwork: ctlplane networkAttachments: - ctlplane monitoringStack: alertingEnabled: true scrapeInterval: 30s storage: strategy: persistent retention: 24h persistent: pvcStorageRequest: 20G autoscaling: enabled: false aodh: databaseAccount: aodh databaseInstance: openstack passwordSelector: aodhService: AodhPassword rabbitMqClusterName: rabbitmq serviceUser: aodh secret: osp-secret heatInstance: heat ceilometer: template: passwordSelector: service: CeilometerPassword secret: osp-secret serviceUser: ceilometer logging: enabled: false-
metricStorage.dataplaneNetwork:定义用于提取 dataplanenode_exporter端点的网络。 -
metricStorage.networkAttachments:列出每个服务 pod 附加到的网络。使用NetworkAttachmentDefinition资源名称来指定。您可以为您指定的每个网络附加配置服务的 NIC。如果您没有配置每个服务 pod 附加到的隔离网络,则使用默认 pod 网络。您必须创建一个与指定为dataplaneNetwork的网络匹配的networkAttachment,以便 Prometheus 可以从 dataplane 节点中提取数据。 -
自动缩放:您必须存在autoscaling字段,即使禁用了自动扩展。有关自动扩展的更多信息,请参阅实例自动扩展。
-
配置共享文件系统服务(manila)。
如果您将共享文件系统服务与 Red Hat Ceph Storage 搭配使用,请添加以下配置:
manila: enabled: true template: manilaAPI: customServiceConfig: | [DEFAULT] enabled_share_protocols=nfs,cephfs networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 manilaScheduler: replicas: 3 manilaShares: az1: customServiceConfig: | [DEFAULT] enabled_share_backends = cephfs_az1 enabled_share_protocols = cephfs [cephfs_az1] driver_handles_share_servers = False share_backend_name = cephfs_az1 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_conf_path = /etc/ceph/az1.conf cephfs_cluster_name = az1 cephfs_auth_id=openstack cephfs_volume_mode = 0755 cephfs_protocol_helper_type = CEPHFS backend_availability_zone = az1 networkAttachments: - storage replicas: 1 topologyRef: name: zone1-node-affinity az2: customServiceConfig: | [DEFAULT] enabled_share_backends = cephfs_az2 enabled_share_protocols = cephfs [cephfs_az2] driver_handles_share_servers = False share_backend_name = cephfs_az2 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_conf_path = /etc/ceph/az2.conf cephfs_cluster_name = az2 cephfs_auth_id=openstack cephfs_volume_mode = 0755 cephfs_protocol_helper_type = CEPHFS backend_availability_zone = az2 networkAttachments: - storage replicas: 1 topologyRef: name: zone2-node-affinity az3: customServiceConfig: | [DEFAULT] enabled_share_backends = cephfs_az3 enabled_share_protocols = cephfs [cephfs_az3] driver_handles_share_servers = False share_backend_name = cephfs_az3 share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_conf_path = /etc/ceph/az3.conf cephfs_cluster_name = az3 cephfs_auth_id=openstack cephfs_volume_mode = 0755 cephfs_protocol_helper_type = CEPHFS backend_availability_zone = az3 networkAttachments: - storage replicas: 1 topologyRef: name: zone3-node-affinity如果您将共享文件系统服务与第三方存储搭配使用,请配置以下内容:在本例中,您可以使用 NetApp 在三个 AZ 中配置共享文件系统服务。
在以下示例中,
driver_handles_share_servers设置为 True。如果您没有这个选项,则将driver_handles_share_servers字段设置为 False。如需更多信息,请参阅 配置持久性存储 中的 验证分布式 control plane 和 配置 共享文件系统服务(manila)。manila: apiOverride: route: haproxy.router.openshift.io/timeout: 60s enabled: true template: manilaAPI: customServiceConfig: | [DEFAULT] storage_availability_zone = az1,az2,az3 default_share_type = nfs-multiaz enabled_share_protocols=nfs debug = true networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 manilaScheduler: replicas: 3 manilaShares: az1: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az1 enabled_share_protocols = nfs [nfs_az1] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az1 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az1 networkAttachments: - storage replicas: 1 topologyRef: name: azone-node-affinity az2: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az2 enabled_share_protocols = nfs [nfs_az2] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az2 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az2 networkAttachments: - storage replicas: 1 topologyRef: name: bzone-node-affinity az3: customServiceConfig: | [DEFAULT] enabled_share_backends = nfs_az3 enabled_share_protocols = nfs [nfs_az3] driver_handles_share_servers = True share_backend_name = nfs_az backend_availability_zone = az3 share_driver=manila.share.drivers.netapp.common.NetAppDriver netapp_storage_family=ontap_cluster netapp_transport_type=http customServiceConfigSecrets: - osp-secret-manila-az3 networkAttachments: - storage replicas: 1 topologyRef: name: czone-node-affinity preserveJobs: false
禁用负载均衡服务(octavia),因为在 OVN 服务中禁用
enable-chassis-as-gateway时不支持它。如需更多信息,请参阅 OSPRH-10766。octavia: enabled: false配置编排服务(heat):
heat: cnfAPIOverride: route: {} enabled: true template: databaseInstance: openstack heatAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 heatEngine: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 secret: osp-secret配置 Dashboard 服务(horizon):
horizon: enabled: true template: replicas: 2 secret: osp-secret添加以下服务配置来实现高可用性(HA):
用于所有 RHOSO 服务(
openstack)的 MariaDB Galera 集群,以及用于 cell1 的 Compute 服务使用的 MariaDB Galera 集群(openstack-):cell1galera: enabled: true templates: openstack: storageRequest: 5000M secret: osp-secret replicas: 3 openstack-cell1: storageRequest: 5000M secret: osp-secret replicas: 3包含三个 memcached 服务器的单个 memcached 集群:
memcached: templates: memcached: replicas: 3用于所有 RHOSO 服务的 RabbitMQ 集群(
rabbitmq)和 RabbitMQ 集群,供计算服务用于cell1(rabbitmq-cell1)使用:rabbitmq: templates: rabbitmq: replicas: 3 override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.85 spec: type: LoadBalancer rabbitmq-cell1: replicas: 3 override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.86 spec: type: LoadBalancer注意您不能在同一虚拟 IP (VIP)地址上配置多个 RabbitMQ 实例,因为所有 RabbitMQ 实例都使用相同的端口。如果您需要将多个 RabbitMQ 实例公开给同一网络,则必须使用不同的 IP 地址。
创建 control plane:
$ oc create -f distributed_control_plane.yaml -n openstack等待 RHOCP 创建与
OpenStackControlPlaneCR 相关的资源。运行以下命令来检查状态:$ oc get openstackcontrolplane -n openstack NAME STATUS MESSAGE distributed-control-plane Unknown Setup started当状态为 "Setup complete" 时,会创建
OpenStackControlPlane资源。提示将
-w选项附加到get命令的末尾,以跟踪部署进度。注意创建 control plane 还会创建一个
OpenStackClientpod,您可以通过远程 shell (rsh)访问以运行 OpenStack CLI 命令。$ oc rsh -n openstack openstackclient可选:通过查看
openstack命名空间中的 pod 确认部署了 control plane:$ oc get pods -n openstack当所有 pod 都已完成或运行时,会部署 control plane。
如果您将镜像服务与第三方存储搭配使用,并且将多存储配置为使用块存储服务作为其后端,则每个
glance存储都指定了唯一的cinder_volume_type。您可以使用-private 选项创建卷类型,以防止它们暴露给云用户。要允许镜像服务访问这些卷类型,您可以将每种类型的-project设置为服务项目 ID。打开与
OpenStackClientpod 的远程 shell 连接:$ oc rsh -n openstack openstackclient识别服务项目 ID:
$ sh-5.1$ openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 439f0ee839144b4c8640b9153a596a30 | admin | | 7a8946c6ec7c4d0488c592f0306eaa35 | service | +----------------------------------+---------+ $ sh-5.1$将镜像服务的服务用户项目 ID 存储在 shell 变量中:
$ SERVICE_PROJECT_ID=$(openstack project show service -c id -f value)为每个 AZ 中的三个 cinder-volume 服务创建一个类型。设置其项目 ID 和可用性区域。使用 spec 键
RESKEY:availability_zones将 AZ 传递给块存储服务,即使镜像服务仅在请求卷时传递类型:$ openstack volume type create --private --project "$SERVICE_PROJECT_ID" --property "RESKEY:availability_zones=az1" glance-ontap-az1 $ openstack volume type create --private --project "$SERVICE_PROJECT_ID" --property "RESKEY:availability_zones=az2" glance-ontap-az2 $ openstack volume type create --private --project "$SERVICE_PROJECT_ID" --property "RESKEY:availability_zones=az3" glance-ontap-az3退出
openstackclientpod:$ exit
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}