4.2. Creating the control plane

You must define an OpenStackControlPlane custom resource (CR) to create the control plane and enable the Red Hat OpenStack Services on OpenShift (RHOSO) services.

The following procedure creates an initial control plane with the recommended configuration for each service. It lets you quickly bring up a working control plane environment that you can troubleshoot and test before you add all the customizations you need. You can add service customizations to the deployed environment. For more information about customizing the control plane after deployment, see the Customizing the Red Hat OpenStack Services on OpenShift deployment guide.

For an example OpenStackControlPlane CR, see Example OpenStackControlPlane CR.

Use the following commands to view the OpenStackControlPlane CRD definition and specification schema:

    $ oc describe crd openstackcontrolplane
    $ oc explain openstackcontrolplane.spec
Procedure

1. Create a file named openstack_control_plane.yaml on your workstation to define the OpenStackControlPlane CR:

    apiVersion: core.openstack.org/v1beta1
    kind: OpenStackControlPlane
    metadata:
      name: openstack-control-plane
      namespace: openstack

2. Specify the Secret CR that you created to provide secure access to the RHOSO service pods:

    apiVersion: core.openstack.org/v1beta1
    kind: OpenStackControlPlane
    metadata:
      name: openstack-control-plane
      namespace: openstack
    spec:
      secret: osp-secret

3. Specify the storageClass that you created for your Red Hat OpenShift Container Platform (RHOCP) cluster storage back end:

    spec:
      secret: osp-secret
      storageClass: <RHOCP_storage_class>

   - Replace <RHOCP_storage_class> with the storage class that you created for your RHOCP cluster storage back end. For more information about storage classes, see Creating a storage class.
4. Add the following service configurations:

   Note:
   - The following service examples use IP addresses from the default RHOSO MetalLB IPAddressPool range for the loadBalancerIPs field. Update the loadBalancerIPs field with IP addresses from the MetalLB IPAddressPool range that you created.
   - You cannot override the default public service endpoints. By default, the public service endpoints are exposed as RHOCP routes, because only routes are used for public endpoints.
   - Block Storage service (cinder):

        cinder:
          apiOverride:
            route: {}
          template:
            databaseInstance: openstack
            secret: osp-secret
            cinderAPI:
              replicas: 3
              override:
                service:
                  internal:
                    metadata:
                      annotations:
                        metallb.universe.tf/address-pool: internalapi
                        metallb.universe.tf/allow-shared-ip: internalapi
                        metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                    spec:
                      type: LoadBalancer
            cinderScheduler:
              replicas: 1
            cinderBackup:
              networkAttachments:
              - storage
              replicas: 0
            cinderVolumes:
              volume1:
                networkAttachments:
                - storage
                replicas: 0

     - cinderBackup.replicas: You can deploy the initial control plane without activating the cinderBackup service. To deploy the service, you must set the number of replicas for the service and configure a back end for it. For the recommended replicas for each service and how to configure a back end for the Block Storage service and the backup service, see Configuring the Block Storage backup service in Configuring persistent storage: https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/configuring_persistent_storage/assembly_configuring-the-block-storage-backup-service_block-storage-backup
     - cinderVolumes.replicas: You can deploy the initial control plane without activating the cinderVolumes service. To deploy the service, you must set the number of replicas for the service and configure a back end for it. For the recommended replicas for the cinderVolumes service and how to configure a back end for the service, see Configuring the volume service in Configuring persistent storage: https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/configuring_persistent_storage/assembly_cinder-configuring-the-block-storage-service_block-storage#proc_cinder-configure-volume_block-storage
   - Compute service (nova):

        nova:
          apiOverride:
            route: {}
          template:
            apiServiceTemplate:
              replicas: 3
              override:
                service:
                  internal:
                    metadata:
                      annotations:
                        metallb.universe.tf/address-pool: internalapi
                        metallb.universe.tf/allow-shared-ip: internalapi
                        metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                    spec:
                      type: LoadBalancer
            metadataServiceTemplate:
              replicas: 3
              override:
                service:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/allow-shared-ip: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                  spec:
                    type: LoadBalancer
            schedulerServiceTemplate:
              replicas: 3
            cellTemplates:
              cell0:
                cellDatabaseAccount: nova-cell0
                cellDatabaseInstance: openstack
                cellMessageBusInstance: rabbitmq
                hasAPIAccess: true
              cell1:
                cellDatabaseAccount: nova-cell1
                cellDatabaseInstance: openstack-cell1
                cellMessageBusInstance: rabbitmq-cell1
                noVNCProxyServiceTemplate:
                  enabled: true
                  networkAttachments:
                  - ctlplane
                hasAPIAccess: true
            secret: osp-secret

     Note: By default, a full set of Compute services (nova) is deployed for each default cell: nova-api, nova-metadata, nova-scheduler, and nova-conductor. The novncproxy service is also enabled for cell1 by default.

   - DNS service for the data plane:

        dns:
          template:
            options:
            - key: server
              values:
              - 192.168.122.1
            - key: server
              values:
              - 192.168.122.2
            override:
              service:
                metadata:
                  annotations:
                    metallb.universe.tf/address-pool: ctlplane
                    metallb.universe.tf/allow-shared-ip: ctlplane
                    metallb.universe.tf/loadBalancerIPs: 192.168.122.80
                spec:
                  type: LoadBalancer
            replicas: 2
     - dns.template.options: Defines the dnsmasq instance required for each DNS server by using key-value pairs. In this example, two key-value pairs are defined because there are two DNS servers to which requests are forwarded.
     - dns.template.options.key: Specifies the dnsmasq parameter to customize for the deployed dnsmasq instance. Set to one of the following valid values:
       - server
       - rev-server
       - srv-host
       - txt-record
       - ptr-record
       - rebind-domain-ok
       - naptr-record
       - CNAME
       - host-record
       - caa-record
       - dns-rr
       - auth-zone
       - synth-domain
       - no-negcache
       - local
     - dns.template.options.values: Specifies the value for the dnsmasq parameter. You can specify a generic DNS server as the value, such as 1.1.1.1, or a DNS server for a specific domain, for example /google.com/8.8.8.8.

     Note: This DNS service, dnsmasq, provides DNS services to the nodes on the RHOSO data plane. dnsmasq is different from the RHOSO DNS service (designate), which provides DNS services to cloud tenants.
   - Identity service (keystone):

        keystone:
          apiOverride:
            route: {}
          template:
            override:
              service:
                internal:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/allow-shared-ip: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                  spec:
                    type: LoadBalancer
            databaseInstance: openstack
            secret: osp-secret
            replicas: 3

   - Image service (glance):

        glance:
          apiOverrides:
            default:
              route: {}
          template:
            databaseInstance: openstack
            storage:
              storageRequest: 10G
            secret: osp-secret
            keystoneEndpoint: default
            glanceAPIs:
              default:
                replicas: 0 # Configure back end; set to 3 when deploying service
                override:
                  service:
                    internal:
                      metadata:
                        annotations:
                          metallb.universe.tf/address-pool: internalapi
                          metallb.universe.tf/allow-shared-ip: internalapi
                          metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                      spec:
                        type: LoadBalancer
                networkAttachments:
                - storage

     - glanceAPIs.default.replicas: You can deploy the initial control plane without activating the Image service (glance). To deploy the Image service, you must set the number of replicas for the service and configure a back end for it. For the recommended replicas for the Image service and how to configure a back end for the service, see Configuring the Image service (glance) in Configuring persistent storage. If the Image service is not deployed, you cannot upload images to the cloud or launch instances.
   - Key Manager service (barbican):

        barbican:
          apiOverride:
            route: {}
          template:
            databaseInstance: openstack
            secret: osp-secret
            barbicanAPI:
              replicas: 3
              override:
                service:
                  internal:
                    metadata:
                      annotations:
                        metallb.universe.tf/address-pool: internalapi
                        metallb.universe.tf/allow-shared-ip: internalapi
                        metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                    spec:
                      type: LoadBalancer
            barbicanWorker:
              replicas: 3
            barbicanKeystoneListener:
              replicas: 1

   - Networking service (neutron):

        neutron:
          apiOverride:
            route: {}
          template:
            replicas: 3
            override:
              service:
                internal:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/allow-shared-ip: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                  spec:
                    type: LoadBalancer
            databaseInstance: openstack
            secret: osp-secret
            networkAttachments:
            - internalapi

   - Object Storage service (swift):

        swift:
          enabled: true
          proxyOverride:
            route: {}
          template:
            swiftProxy:
              networkAttachments:
              - storage
              override:
                service:
                  internal:
                    metadata:
                      annotations:
                        metallb.universe.tf/address-pool: internalapi
                        metallb.universe.tf/allow-shared-ip: internalapi
                        metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                    spec:
                      type: LoadBalancer
              replicas: 2
            secret: osp-secret
            swiftRing:
              ringReplicas: 3
            swiftStorage:
              networkAttachments:
              - storage
              replicas: 3
              storageRequest: 10Gi

   - OVN:

        ovn:
          template:
            ovnDBCluster:
              ovndbcluster-nb:
                replicas: 3
                dbType: NB
                storageRequest: 10G
                networkAttachment: internalapi
              ovndbcluster-sb:
                replicas: 3
                dbType: SB
                storageRequest: 10G
                networkAttachment: internalapi
            ovnNorthd: {}

   - Placement service (placement):

        placement:
          apiOverride:
            route: {}
          template:
            override:
              service:
                internal:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/allow-shared-ip: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.80
                  spec:
                    type: LoadBalancer
            databaseInstance: openstack
            replicas: 3
            secret: osp-secret

   - Telemetry service (ceilometer, prometheus):

        telemetry:
          enabled: true
          template:
            metricStorage:
              enabled: true
              dashboardsEnabled: true
              dataplaneNetwork: ctlplane
              networkAttachments:
              - ctlplane
              monitoringStack:
                alertingEnabled: true
                scrapeInterval: 30s
                storage:
                  strategy: persistent
                  retention: 24h
                  persistent:
                    pvcStorageRequest: 20G
            autoscaling:
              enabled: false
              aodh:
                databaseAccount: aodh
                databaseInstance: openstack
                passwordSelector:
                  aodhService: AodhPassword
                rabbitMqClusterName: rabbitmq
                serviceUser: aodh
                secret: osp-secret
              heatInstance: heat
            ceilometer:
              enabled: true
              secret: osp-secret
            logging:
              enabled: false

     - telemetry.template.metricStorage.dataplaneNetwork: Defines the network that is used to scrape the node_exporter endpoints on the data plane.
     - telemetry.template.metricStorage.networkAttachments: Lists the networks that each service pod attaches to, by NetworkAttachmentDefinition resource name. You can configure the NICs of the service for each network attachment that you specify. If you do not configure an isolated network for each service pod to attach to, the default pod network is used. You must create a networkAttachment that matches the network specified as dataplaneNetwork so that Prometheus can scrape data from the data plane nodes.
     - telemetry.template.autoscaling: The autoscaling field must be present even if autoscaling is disabled. For more information about autoscaling, see Autoscaling for instances.
5. Add the following service configurations for high availability (HA):

   - A MariaDB Galera cluster for all RHOSO services (openstack), and a MariaDB Galera cluster for use by the Compute service for cell1 (openstack-cell1):

        galera:
          templates:
            openstack:
              storageRequest: 5000M
              secret: osp-secret
              replicas: 3
            openstack-cell1:
              storageRequest: 5000M
              secret: osp-secret
              replicas: 3

   - A single memcached cluster that contains three memcached servers:

        memcached:
          templates:
            memcached:
              replicas: 3

   - A RabbitMQ cluster for all RHOSO services (rabbitmq), and a RabbitMQ cluster for use by the Compute service for cell1 (rabbitmq-cell1):

        rabbitmq:
          templates:
            rabbitmq:
              replicas: 3
              override:
                service:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.85
                  spec:
                    type: LoadBalancer
            rabbitmq-cell1:
              replicas: 3
              override:
                service:
                  metadata:
                    annotations:
                      metallb.universe.tf/address-pool: internalapi
                      metallb.universe.tf/loadBalancerIPs: 172.17.0.86
                  spec:
                    type: LoadBalancer

     Note: You cannot configure multiple RabbitMQ instances on the same virtual IP (VIP) address, because all RabbitMQ instances use the same port. If you need to expose multiple RabbitMQ instances to the same network, you must use different IP addresses.
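The two notes above (loadBalancerIPs must come from your MetalLB IPAddressPool range, and RabbitMQ instances must never share a VIP) are easy to get wrong when a large CR is hand-edited, and the operator only reports the problem after the Service objects are created. The following Python script is an added example, not code from the Red Hat guide or the openstack-operator project. It walks the CR text once, collects every metallb.universe.tf annotation, and reports IPs outside the pool range, IPs shared by services that do not all carry the same allow-shared-ip key, and any VIP used by more than one RabbitMQ instance. The pool ranges in POOLS and the SAMPLE_CR excerpt are constructed for the example; read the real ranges from your own IPAddressPool resources.

```python
"""Offline sanity checks for the MetalLB annotations in an OpenStackControlPlane CR."""
import ipaddress

# Assumed pool ranges for this example only; take the real values from your
# MetalLB IPAddressPool resources, they may differ in your environment.
POOLS = {
    "internalapi": ("172.17.0.80", "172.17.0.90"),
    "ctlplane": ("192.168.122.80", "192.168.122.90"),
}

ADDRESS_POOL = "metallb.universe.tf/address-pool"
SHARED_IP = "metallb.universe.tf/allow-shared-ip"
LB_IPS = "metallb.universe.tf/loadBalancerIPs"


def flatten(yaml_text):
    """Map every scalar in a 2-space indented YAML mapping to its key path.
    Sequence items ('- storage') are skipped; this is enough for the CR
    excerpts in the procedure and avoids a YAML library dependency."""
    values = {}
    stack = []  # (indent, key) of the mapping keys enclosing the current line
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        body = line.strip()
        if not body or body.startswith("- "):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, val = body.partition(":")
        if not sep:
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if val.strip():
            values[tuple(k for _, k in stack)] = val.strip()
    return values


def check_metallb(yaml_text, pools=POOLS):
    """Return a list of findings; an empty list means every check passed."""
    values = flatten(yaml_text)
    findings = []
    users_by_ip = {}
    for path, ip_str in values.items():
        if path[-1] != LB_IPS:
            continue
        annotations = path[:-1]
        service = ".".join(annotations[:-2])  # drop 'metadata', 'annotations'
        pool = values.get(annotations + (ADDRESS_POOL,))
        if pool not in pools:
            findings.append(f"{service}: address pool {pool!r} is missing or unknown")
        else:
            low, high = (ipaddress.ip_address(a) for a in pools[pool])
            if not low <= ipaddress.ip_address(ip_str) <= high:
                findings.append(f"{service}: {ip_str} is outside pool {pool} ({low}-{high})")
        users_by_ip.setdefault(ip_str, []).append((service, values.get(annotations + (SHARED_IP,))))
    for ip_str, users in users_by_ip.items():
        if len(users) < 2:
            continue
        names = ", ".join(s for s, _ in users)
        # MetalLB shares a VIP only when every service carries the same allow-shared-ip key.
        keys = {k for _, k in users}
        if None in keys or len(keys) != 1:
            findings.append(f"{ip_str} is used by {names} without a common allow-shared-ip key")
        # RabbitMQ instances all listen on the same port, so they can never share a VIP.
        if sum("rabbitmq" in s for s, _ in users) > 1:
            findings.append(f"{ip_str} is used by more than one RabbitMQ instance: {names}")
    return findings


# Constructed excerpt of a CR in the shape used by the procedure.
SAMPLE_CR = """\
spec:
  keystone:
    template:
      override:
        service:
          internal:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/allow-shared-ip: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.80
  placement:
    template:
      override:
        service:
          internal:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/allow-shared-ip: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.80
  rabbitmq:
    templates:
      rabbitmq:
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.85
      rabbitmq-cell1:
        override:
          service:
            metadata:
              annotations:
                metallb.universe.tf/address-pool: internalapi
                metallb.universe.tf/loadBalancerIPs: 172.17.0.86
"""
# Two mistakes introduced on purpose: keystone moved off the pool range and
# rabbitmq-cell1 placed on the same VIP as rabbitmq.
BROKEN_CR = SAMPLE_CR.replace("172.17.0.80", "172.17.0.95", 1).replace("172.17.0.86", "172.17.0.85")

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CR), ("broken", BROKEN_CR)):
        print(name, check_metallb(text) or "ok")
```

Run it against your openstack_control_plane.yaml by reading the file into check_metallb before `oc create`; the same scan also flags a loadBalancerIPs value whose pool name does not match an IPAddressPool you created.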
6. Create the control plane:

    $ oc create -f openstack_control_plane.yaml -n openstack

7. Wait for RHOCP to create the resources related to the OpenStackControlPlane CR. Run the following command to check the status:

    $ oc get openstackcontrolplane -n openstack
    NAME                      STATUS    MESSAGE
    openstack-control-plane   Unknown   Setup started

   The OpenStackControlPlane resource is created when the status is "Setup complete".

   Tip: Append the -w option to the end of the get command to track the deployment progress.

   Note: Creating the control plane also creates an OpenStackClient pod that you can access through a remote shell (rsh) to run OpenStack CLI commands.

    $ oc rsh -n openstack openstackclient

8. Optional: Confirm that the control plane is deployed by reviewing the pods in the openstack namespace:

    $ oc get pods -n openstack

   The control plane is deployed when all the pods are either completed or running.
Verification

1. Open a remote shell connection to the OpenStackClient pod:

    $ oc rsh -n openstack openstackclient

2. Confirm that the internal service endpoints are registered with each service:

    $ openstack endpoint list -c 'Service Name' -c Interface -c URL --service glance
    +--------------+-----------+------------------------------------------------------------------------+
    | Service Name | Interface | URL                                                                    |
    +--------------+-----------+------------------------------------------------------------------------+
    | glance       | internal  | https://glance-internal.openstack.svc                                  |
    | glance       | public    | https://glance-default-public-openstack.apps.ostest.test.metalkube.org |
    +--------------+-----------+------------------------------------------------------------------------+

3. Exit the OpenStackClient pod:

    $ exit
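The verification step checks one service by eye. When you repeat it for every service (run `openstack endpoint list` without the --service filter), the things worth confirming are that an internal endpoint exists for each service, that every URL is served over https, and that internal URLs stay on the cluster-local openstack.svc domain rather than an external route. The following Python is an added example, not code from the Red Hat guide: it parses the table format printed by the OpenStack CLI and returns those findings. SAMPLE_OUTPUT is constructed to match the glance output shown above; the ".openstack.svc" suffix is the pattern from that output and is an assumption for other deployments.

```python
"""Audit the endpoint table printed by `openstack endpoint list`."""
from urllib.parse import urlsplit

# Constructed sample, shaped like the output in the verification step.
SAMPLE_OUTPUT = """\
+--------------+-----------+------------------------------------------------------------------------+
| Service Name | Interface | URL                                                                    |
+--------------+-----------+------------------------------------------------------------------------+
| glance       | internal  | https://glance-internal.openstack.svc                                  |
| glance       | public    | https://glance-default-public-openstack.apps.ostest.test.metalkube.org |
+--------------+-----------+------------------------------------------------------------------------+
"""


def parse_endpoint_table(text):
    """Return (service, interface, url) tuples from the CLI's ASCII table."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border lines start with '+'
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Service Name":
            continue  # header row
        rows.append(tuple(cells[:3]))
    return rows


def audit_endpoints(rows, internal_suffix=".openstack.svc"):
    """Flag endpoints without TLS, internal endpoints that leave the cluster,
    and services that registered no internal endpoint at all."""
    findings = []
    interfaces = {}
    for service, interface, url in rows:
        parts = urlsplit(url)
        host = parts.hostname or ""
        interfaces.setdefault(service, set()).add(interface)
        if parts.scheme != "https":
            findings.append(f"{service}/{interface}: not TLS ({url})")
        if interface == "internal" and not host.endswith(internal_suffix):
            findings.append(f"{service}/internal: host {host} is not cluster-local")
    for service, seen in interfaces.items():
        if "internal" not in seen:
            findings.append(f"{service}: no internal endpoint registered")
    return findings


if __name__ == "__main__":
    print(audit_endpoints(parse_endpoint_table(SAMPLE_OUTPUT)) or "ok")
```

Inside the OpenStackClient pod, pipe the real listing into the script (`openstack endpoint list -c 'Service Name' -c Interface -c URL | python3 audit.py`, reading sys.stdin in place of SAMPLE_OUTPUT) and treat any finding as a reason to revisit the service's apiOverride or TLS configuration before moving on.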