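#### Background
Over the past few days our company's second data center went into production as a new development and testing environment, and unsurprisingly it also runs OpenStack. Since OpenStack itself supports Multi-Region, I looked into it, and it really does make things much easier: it avoids having two management entry points, and the Dashboard's multi-region support makes unified management convenient. I have to say, OpenStack really is powerful.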
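#### Basics
As we all know, a Region is an important concept in OpenStack for isolating resources. Simply put, one Region corresponds to one complete OpenStack environment. Regions can be clusters in different data centers, or clusters carved out of one large physical cluster. OpenStack was designed from the start to support multiple Regions. Because each Region's resources (MariaDB, RabbitMQ, etc.) are independent, there is no resource-interaction overhead between Regions.
Resource isolation in OpenStack is not limited to Regions: Host Aggregates, Availability Zones and Nova-Cells each play their own role. Their relationship is shown in the figure below (PS: the figure is a bit old; the network component is still quantum):
As we can see, Region1 and Region2 share only the Keystone and Dashboard services.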
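#### Procedure
Note: to keep the steps below simple, I name the Regions `RegionOne` and `RegionTwo`.

1. Deploy two OpenStack environments

Process omitted (whether you use RDO or another method, deploying two OpenStack environments is the basic prerequisite).
My environment is as follows:

| Region | IP |
| --- | --- |
| RegionOne | 10.16.22.1 |
| RegionTwo | 10.1.17.28 |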
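2. Add the service access points, i.e. endpoints, to Keystone

There are several ways to do this: some people export Keystone's endpoint table, edit it, and import it back into the database; others add the endpoints directly through Keystone. This article prefers the latter.
An endpoint is the URL access point exposed by each OpenStack service. Each URL in the list corresponds to the access address of one service instance, and comes in three kinds: public, private and admin. The public URL can be accessed globally (e.g. http://compute.example.com), the private URL can only be accessed from the local network (e.g. http://compute.example.local), and the admin URL is kept separate from regular access.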
- The OpenStack endpoints are as follows:

```
# openstack endpoint list --long
+----------------------------------+------------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
| ID | Region | Service Name | Service Type | PublicURL | AdminURL | InternalURL |
+----------------------------------+------------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
| 3c2ae0faa6e7469b8f87f0864fb2e0db | RegionOne | neutron | network | http://10.16.22.1:9696 | http://10.16.22.1:9696 | http://10.16.22.1:9696 |
| 5e324a380bc74f7d8304614380cb40bc | RegionOne | cinderv2 | volumev2 | http://10.16.22.1:8776/v2/%(tenant_id)s | http://10.16.22.1:8776/v2/%(tenant_id)s | http://10.16.22.1:8776/v2/%(tenant_id)s |
| fdf523eaa3d849868558a21b89da87dc | RegionOne | cinderv3 | volumev3 | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s |
| 385edda6cb784cb59268f3ce2d4a6ad6 | RegionOne | Image Service | image | http://10.16.22.1:9292 | http://10.16.22.1:9292 | http://10.16.22.1:9292 |
| 0ba108eff1ec405e98466ffd377e5c14 | RegionOne | keystone | identity | http://10.16.22.1:5000/v2.0 | http://10.16.22.1:35357/v2.0 | http://10.16.22.1:5000/v2.0 |
| c7d47189e23242828112b41424135247 | RegionOne | novav3 | computev3 | http://10.16.22.1:8774/v3 | http://10.16.22.1:8774/v3 | http://10.16.22.1:8774/v3 |
| 8dcdaa6a13ba4d7ea05b38b68e9e091e | RegionOne | nova | compute | http://10.16.22.1:8774/v2/%(tenant_id)s | http://10.16.22.1:8774/v2/%(tenant_id)s | http://10.16.22.1:8774/v2/%(tenant_id)s |
| f0ab9b8f224b4247890a71e4f6309556 | RegionOne | cinder | volume | http://10.16.22.1:8776/v1/%(tenant_id)s | http://10.16.22.1:8776/v1/%(tenant_id)s | http://10.16.22.1:8776/v1/%(tenant_id)s |
+----------------------------------+------------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
```
- Get the service UUIDs:

```
# openstack service list --long
+----------------------------------+---------------+-----------+------------------------------+
| ID | Name | Type | Description |
+----------------------------------+---------------+-----------+------------------------------+
| 328bb434d3874cffba408b0688fc9155 | cinderv3 | volumev3 | Cinder Service v3 |
| 340beb8756e7426093e1d757749acff8 | neutron | network | Neutron Networking Service |
| 46126c94f8194bafb593305b9be564b2 | cinderv2 | volumev2 | Cinder Service v2 |
| 504d5d3cb66c4a5a99d2882831b9f575 | novav3 | computev3 | Openstack Compute Service v3 |
| 8e5e7f4461d2477fbd4035b0ecf8fb2c | nova | compute | Openstack Compute Service |
| 98db82338cb942b58234002c05596a9f | Image Service | image | OpenStack Image Service |
| b161adf71661471eb42fa2499e468eab | keystone | identity | OpenStack Identity Service |
| eda9475fe28648fcac60e6429f6af1ca | cinder | volume | Cinder Service |
+----------------------------------+---------------+-----------+------------------------------+
```
- Adding the second Region is simple: following the endpoint list above, add a RegionTwo endpoint for each service, one by one.

```
# openstack endpoint create
usage: openstack endpoint create [-h]
[-f {html,json,json,shell,table,value,yaml,yaml}]
[-c COLUMN] [--max-width ]
[--noindent] [--prefix PREFIX] --publicurl
[--adminurl ]
[--internalurl ] [--region ]
openstack endpoint create: error: too few arguments
```

keystone

```
# openstack endpoint create --publicurl "http://10.16.22.1:5000/v2.0" --adminurl "http://10.16.22.1:35357/v2.0" --internalurl "http://10.16.22.1:5000/v2.0" --region RegionTwo b161adf71661471eb42fa2499e468eab
```

Image Service

```
# openstack endpoint create --publicurl "http://10.1.17.28:9292" --adminurl "http://10.1.17.28:9292" --internalurl "http://10.1.17.28:9292" --region RegionTwo 98db82338cb942b58234002c05596a9f
```

cinder

```
# openstack endpoint create --publicurl "http://10.1.17.28:8776/v1/%(tenant_id)s" --adminurl "http://10.1.17.28:8776/v1/%(tenant_id)s" --internalurl "http://10.1.17.28:8776/v1/%(tenant_id)s" --region RegionTwo eda9475fe28648fcac60e6429f6af1ca
```

cinderv2

```
# openstack endpoint create --publicurl "http://10.1.17.28:8776/v2/%(tenant_id)s" --adminurl "http://10.1.17.28:8776/v2/%(tenant_id)s" --internalurl "http://10.1.17.28:8776/v2/%(tenant_id)s" --region RegionTwo 46126c94f8194bafb593305b9be564b2
```

cinderv3

```
# openstack endpoint create --publicurl "http://127.0.0.1:8776/v3/%(tenant_id)s" --adminurl "http://127.0.0.1:8776/v3/%(tenant_id)s" --internalurl "http://127.0.0.1:8776/v3/%(tenant_id)s" --region RegionTwo 328bb434d3874cffba408b0688fc9155
```

neutron

```
# openstack endpoint create --publicurl "http://10.1.17.28:9696" --adminurl "http://10.1.17.28:9696" --internalurl "http://10.1.17.28:9696" --region RegionTwo 340beb8756e7426093e1d757749acff8
```

nova

```
# openstack endpoint create --publicurl "http://10.1.17.28:8774/v2/%(tenant_id)s" --adminurl "http://10.1.17.28:8774/v2/%(tenant_id)s" --internalurl "http://10.1.17.28:8774/v2/%(tenant_id)s" --region RegionTwo 8e5e7f4461d2477fbd4035b0ecf8fb2c
```

novav3

```
# openstack endpoint create --publicurl "http://10.1.17.28:8774/v3" --adminurl "http://10.1.17.28:8774/v3" --internalurl "http://10.1.17.28:8774/v3" --region RegionTwo 504d5d3cb66c4a5a99d2882831b9f575
```
- Final result:

```
# openstack endpoint list --long
+----------------------------------+-----------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
| ID | Region | Service Name | Service Type | PublicURL | AdminURL | InternalURL |
+----------------------------------+-----------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
| 3c2ae0faa6e7469b8f87f0864fb2e0db | RegionOne | neutron | network | http://10.16.22.1:9696 | http://10.16.22.1:9696 | http://10.16.22.1:9696 |
| 9546c80aa6a2496da03c55dfdebb0193 | RegionTwo | novav3 | computev3 | http://10.1.17.28:8774/v3 | http://10.1.17.28:8774/v3 | http://10.1.17.28:8774/v3 |
| 5e324a380bc74f7d8304614380cb40bc | RegionOne | cinderv2 | volumev2 | http://10.16.22.1:8776/v2/%(tenant_id)s | http://10.16.22.1:8776/v2/%(tenant_id)s | http://10.16.22.1:8776/v2/%(tenant_id)s |
| f14eceb4900e46c0b5b3c30314201f46 | RegionTwo | Image Service | image | http://10.1.17.28:9292 | http://10.1.17.28:9292 | http://10.1.17.28:9292 |
| db41d86bf1e74697ae80ef28155ee988 | RegionTwo | cinder | volume | http://10.1.17.28:8776/v1/%(tenant_id)s | http://10.1.17.28:8776/v1/%(tenant_id)s | http://10.1.17.28:8776/v1/%(tenant_id)s |
| f129e23f71744f4aae868c57dc372825 | RegionTwo | cinderv3 | volumev3 | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s |
| fdf523eaa3d849868558a21b89da87dc | RegionOne | cinderv3 | volumev3 | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s |
| 385edda6cb784cb59268f3ce2d4a6ad6 | RegionOne | Image Service | image | http://10.16.22.1:9292 | http://10.16.22.1:9292 | http://10.16.22.1:9292 |
| 0ba108eff1ec405e98466ffd377e5c14 | RegionOne | keystone | identity | http://10.16.22.1:5000/v2.0 | http://10.16.22.1:35357/v2.0 | http://10.16.22.1:5000/v2.0 |
| f5319cc6ddef49e0aa6cef7d3fccfa63 | RegionTwo | neutron | network | http://10.1.17.28:9696 | http://10.1.17.28:9696 | http://10.1.17.28:9696 |
| c7d47189e23242828112b41424135247 | RegionOne | novav3 | computev3 | http://10.16.22.1:8774/v3 | http://10.16.22.1:8774/v3 | http://10.16.22.1:8774/v3 |
| 887486e1ecf94507a04a54ad8f38f5e4 | RegionTwo | nova | compute | http://10.1.17.28:8774/v2/%(tenant_id)s | http://10.1.17.28:8774/v2/%(tenant_id)s | http://10.1.17.28:8774/v2/%(tenant_id)s |
| 8dcdaa6a13ba4d7ea05b38b68e9e091e | RegionOne | nova | compute | http://10.16.22.1:8774/v2/%(tenant_id)s | http://10.16.22.1:8774/v2/%(tenant_id)s | http://10.16.22.1:8774/v2/%(tenant_id)s |
| 90fedd6cc9ce4080a83278829a48fcf7 | RegionTwo | cinderv2 | volumev2 | http://10.1.17.28:8776/v2/%(tenant_id)s | http://10.1.17.28:8776/v2/%(tenant_id)s | http://10.1.17.28:8776/v2/%(tenant_id)s |
| f0ab9b8f224b4247890a71e4f6309556 | RegionOne | cinder | volume | http://10.16.22.1:8776/v1/%(tenant_id)s | http://10.16.22.1:8776/v1/%(tenant_id)s | http://10.16.22.1:8776/v1/%(tenant_id)s |
| 300d32b823cb4879bd9ccb415cec0532 | RegionTwo | keystone | identity | http://10.16.22.1:5000/v2.0 | http://10.16.22.1:35357/v2.0 | http://10.16.22.1:5000/v2.0 |
+----------------------------------+-----------+---------------+--------------+-----------------------------------------+-----------------------------------------+-----------------------------------------+
```
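3. Modify the RegionTwo configuration files

I won't list every setting that changes; these are the points to watch:
- On the RegionTwo cluster, identity authentication for every service points at the 10.16.22.1 server.
- On the RegionTwo cluster, admin_password in every service's configuration file is kept identical to RegionOne. (PS: I strongly recommend using RDO with the same answer-file to deploy both OpenStack environments, which avoids a lot of trouble.)
- On the RegionTwo cluster, the region_name option in every service's configuration file is changed to region_name=RegionTwo.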
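4. Dashboard

If everything above went smoothly, congratulations: your OpenStack now supports multiple regions too.
If you find the names RegionOne and RegionTwo too plain, you had better plan your Region naming before deployment. Of course, it is not impossible to change them now; at worst you repeat the steps in this article.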
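
An added check for the catalog built in step 2 (example code, not part of the original post): it parses `openstack endpoint list --long` table output and reports service types missing from a region, loopback URLs, and identity endpoints that differ between regions. The function names are hypothetical, the sample rows are copied from the final listing above, and the identity check assumes the shared-Keystone layout used in this article.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: six rows copied from the final endpoint table above.
SAMPLE = """\
| 0ba108eff1ec405e98466ffd377e5c14 | RegionOne | keystone | identity | http://10.16.22.1:5000/v2.0 | http://10.16.22.1:35357/v2.0 | http://10.16.22.1:5000/v2.0 |
| 300d32b823cb4879bd9ccb415cec0532 | RegionTwo | keystone | identity | http://10.16.22.1:5000/v2.0 | http://10.16.22.1:35357/v2.0 | http://10.16.22.1:5000/v2.0 |
| 3c2ae0faa6e7469b8f87f0864fb2e0db | RegionOne | neutron | network | http://10.16.22.1:9696 | http://10.16.22.1:9696 | http://10.16.22.1:9696 |
| f5319cc6ddef49e0aa6cef7d3fccfa63 | RegionTwo | neutron | network | http://10.1.17.28:9696 | http://10.1.17.28:9696 | http://10.1.17.28:9696 |
| fdf523eaa3d849868558a21b89da87dc | RegionOne | cinderv3 | volumev3 | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s |
| f129e23f71744f4aae868c57dc372825 | RegionTwo | cinderv3 | volumev3 | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s | http://127.0.0.1:8776/v3/%(tenant_id)s |
"""

def parse(table):
    """Yield (region, service_type, [public, admin, internal]) per data row."""
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 7 and cells[0] != "ID":  # skips borders and header
            yield cells[1], cells[3], cells[4:7]

def is_loopback(url):
    host = urlsplit(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname rather than an IP literal
        return host == "localhost"

def audit(table):
    """Return a list of human-readable findings for the endpoint catalog."""
    by_type = defaultdict(dict)  # service type -> {region: urls}
    for region, stype, urls in parse(table):
        by_type[stype][region] = urls
    regions = {r for per in by_type.values() for r in per}
    findings = []
    for stype, per in sorted(by_type.items()):
        for missing in sorted(regions - set(per)):
            findings.append(f"{stype}: no endpoint in {missing}")
        for region, urls in sorted(per.items()):
            if any(is_loopback(u) for u in urls):
                findings.append(f"{stype}/{region}: loopback URL, unreachable from other hosts")
        if stype == "identity" and len({tuple(u) for u in per.values()}) > 1:
            findings.append("identity: regions point at different Keystone URLs")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "catalog looks consistent")
```

On the sample rows it reports the two cinderv3 endpoints, whose 127.0.0.1 URLs can only be reached from the host the service itself runs on.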
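#### Extensions and shortcomings
In this environment Keystone still sits on a single controller node, so a single point of failure remains. In production, consider splitting the openstack-keystone service out on its own and clustering the MySQL and memcached backends to ensure stability.
Also, OpenStack quota management is implemented inside each service, so in practice a tenant quota edited in RegionOne does not take effect in RegionTwo.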