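I. Lab Objectives
(1) Understand the architecture of a high-availability OpenStack platform.
(2) Learn how to use the Ansible deployment tool.
(3) Deploy the OpenStack platform with Ansible.
II. Lab Analysis
1 Deployment architecture
Two controller nodes form the high-availability environment. Dashboard access is load-balanced and exposed through a VIP address; the platform is reached through this VIP, which ensures that if one controller node fails, the other can still be used normally. The MariaDB database is deployed as a cluster, with the databases on the controller nodes synchronizing with each other.
The OpenStack platform is deployed with multiple compute nodes; two compute nodes are provided.
The Ansible node is a virtual machine in VMware that provides the Yum installation source and the Ansible deployment scripts; with them the OpenStack platform can be deployed, and compute nodes added, in one step.
2 Node plan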
IP | Host name | Node
192.168.100.10 | controller01 | Controller node 1
192.168.100.11 | controller02 | Controller node 2
192.168.100.12 | compute01 | Compute node 1
192.168.100.13 | compute02 | Compute node 2
192.168.100.100 | server | Ansible
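First unzip the supplied server_bak.zip and open the server_bak virtual machine in VMware Workstation; this machine serves as the Ansible node. Then manually perform a minimal installation of CentOS 7.2 on four servers to act as the OpenStack nodes; give each node two network interfaces and enable CPU virtualization.
III. Lab Procedure
1. Basic environment configuration
(1) IP address configuration
Configure the IP address on each of the two controller nodes and the two compute nodes, then connect to them with SecureCRT.
Lines changed on the controller01 node: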
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=46dee78c-769e-48ff-83b3-244489dfba5b
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
Lines changed on the controller02 node:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=46dee78c-769e-48ff-83b3-244489dfba5b
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.11
NETMASK=255.255.255.0
Lines changed on the compute01 node:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=46dee78c-769e-48ff-83b3-244489dfba5b
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.12
NETMASK=255.255.255.0
Lines changed on the compute02 node:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=46dee78c-769e-48ff-83b3-244489dfba5b
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.13
NETMASK=255.255.255.0
(2) Start the Ansible virtual machine
Lines changed on the Ansible node:
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
DNS1=114.114.114.114
NAME=eth2
DEVICE=eth2
ONBOOT=yes
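2. Install the OpenStack platform with Ansible
(1) Modify the Ansible environment configuration
Log in to the Ansible node with SecureCRT and change to the Ansible script directory.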
[root@server xd-cloud-simple]# cd /opt
[root@server opt]# ll
total 2992
-rwxr-xr-x 1 root root 1726 Nov 29 2017 172.30.14.8_passwd
drwxr-xr-x. 8 root root 4096 Aug 24 2017 cache
drwxr-xr-x 7 root root 4096 Aug 24 2017 centos6.5
drwxr-xr-x 8 root root 4096 Jun 20 2017 centos7.2
-rw-r--r-- 1 root root 1406 Nov 29 2017 centos7_ks.cfg
-rw-r--r-- 1 root root 80 Sep 28 2019 hosts
-rw-r--r-- 1 root root 48 Sep 28 2019 hosts1
drwxr-xr-x 4 root root 35 Jan 11 2018 iaas
-rw-r--r-- 1 root root 133 Sep 28 2019 passwd
-rw-r--r-- 1 root root 1473 Aug 24 2017 rename_sys_net_name.sh
drwxr-xr-x 3 root root 119 Jan 11 2018 xd-cloud
-rw-r--r-- 1 root root 1003254 Nov 16 2017 xd-cloud-20171116.zip
drwxr-xr-x 3 root root 119 Jan 11 2018 xd-cloud-all
drwxr-xr-x 3 root root 4096 Nov 23 09:14 xd-cloud-simple
-rw-r--r-- 1 root root 2018596 Jan 11 2018 xd-cloud.zip
Edit the configuration.cfg environment file and set the variables to match your actual addresses and parameters.
[root@server xd-cloud-simple]# vi configuration.cfg
# Xiandian Cloud Platform Installation Script
# taicai.
#-----------------------------------------------
# Basic Authentication
#-----------------------------------------------
REGION_NAME=xiandian
DOMAIN_NAME=domain
MGMT_NET_CIDR=192.168.100.0/24
DATA_NET_CIDR=192.168.100.0/24
#-----------------------------------------------
# System Config
# Controller Node
#-----------------------------------------------
CON_IS_HA=yes
CON_VIP_IP=192.168.100.20 //Controller node VIP address
CON_HOST_NAME=controller01,controller02
CON_MGMT_DEV_NAME=eno16777736
CON_MGMT_DEV_IP=192.168.100.10,192.168.100.11
CON_DATA_DEV_NAME=eno16777736
CON_DATA_DEV_IP=192.168.100.10,192.168.100.11
#-----------------------------------------------
# Compute Node
#-----------------------------------------------
COM_MGMT_DEV_NAME=eno16777736
COM_MGMT_DEV_IP=192.168.100.12,192.168.100.13
COM_HOST_NAME=compute01,compute02
COM_DATA_DEV_NAME=eno16777736 //Compute node data network interface name
COM_DATA_DEV_IP=192.168.100.12,192.168.100.13
COM_PRI_DEV_NAME=enp9s0
COM_EXT_DEV_NAME=enp9s0 //Compute node external network interface name
NEUTRON_MIN_VLAN_NAME=114
NEUTRON_MAX_VLAN_NAME=120 //Last usable network VLAN ID; the usable VLAN ID range is 114-120
#-----------------------------------------------
# Storage Node
#-----------------------------------------------
#STORAGE_MGMT_DEV_NAME=enp9s0
#STORAGE_MGMT_DEV_IP=10.0.1.1,10.0.1.2,10.0.1.3,10.0.1.4
#STORAGE_HOST_NAME=node-1,node-2,node-3,node-4
#STORAGE_DISK_NAME="/dev/sda /dev/sdb"
#STORAGE_DATA_DEV_NAME=enp10s0
#STORAGE_DATA_DEV_IP=10.0.1.1,10.0.1.2,10.0.1.3,10.0.1.4
#-----------------------------------------------
# yum repo config
#-----------------------------------------------
NAME1=centos7
URL1=ftp://192.168.100.100/centos7.2/
NAME2=iaas
URL2=ftp://192.168.100.100/iaas/iaas-repo/
ALL_SERVER_ROOT_PASSWORD=000000
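A pre-flight check for the configuration.cfg values above, run before the install script; this is an added example, not part of the deployment scripts. The function names and the `min_pw_len` threshold are assumptions, the sample is constructed from the listing above, and Python 3 is assumed.

```python
import ipaddress
# Constructed sample: values from the configuration.cfg above, trimmed to the keys checked.
SAMPLE_CFG = """\
MGMT_NET_CIDR=192.168.100.0/24
CON_IS_HA=yes
CON_VIP_IP=192.168.100.20 //Controller node VIP address
CON_HOST_NAME=controller01,controller02
CON_MGMT_DEV_IP=192.168.100.10,192.168.100.11
COM_HOST_NAME=compute01,compute02
COM_MGMT_DEV_IP=192.168.100.12,192.168.100.13
NEUTRON_MIN_VLAN_NAME=114
NEUTRON_MAX_VLAN_NAME=120
ALL_SERVER_ROOT_PASSWORD=000000
"""

def parse_cfg(text):
    """Return {KEY: value}; skips '#' lines and drops trailing ' //' annotations."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.split(" //", 1)[0].strip().strip('"')
    return cfg

def validate(cfg, min_pw_len=12):  # min_pw_len is an assumed policy, not from the page
    """Return a list of problems; an empty list means every check passed."""
    problems, node_ips = [], []
    net = ipaddress.ip_network(cfg["MGMT_NET_CIDR"])
    for role in ("CON", "COM"):
        names = cfg[role + "_HOST_NAME"].split(",")
        ips = cfg[role + "_MGMT_DEV_IP"].split(",")
        if len(names) != len(ips):
            problems.append(f"{role}: {len(names)} host names, {len(ips)} management IPs")
        node_ips += ips
    for ip in node_ips:
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{ip} is outside MGMT_NET_CIDR {net}")
    if cfg.get("CON_IS_HA") == "yes":
        vip = cfg.get("CON_VIP_IP", "")
        if not vip or ipaddress.ip_address(vip) not in net:
            problems.append(f"CON_VIP_IP {vip!r} missing or outside {net}")
        elif vip in node_ips:
            problems.append(f"CON_VIP_IP {vip} collides with a node address")
    if int(cfg["NEUTRON_MIN_VLAN_NAME"]) > int(cfg["NEUTRON_MAX_VLAN_NAME"]):
        problems.append("VLAN range is inverted")
    if len(cfg.get("ALL_SERVER_ROOT_PASSWORD", "")) < min_pw_len:
        problems.append("ALL_SERVER_ROOT_PASSWORD is shorter than min_pw_len")
    return problems
```

Calling `validate(parse_cfg(open("configuration.cfg").read()))` on the Ansible node returns the findings as a list of strings.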
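(2) Run the script ./install.sh
(3) Result of the run
After the script finishes, the services on every node are installed; Ansible reports the installation status of each node and whether any installation failed.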
PLAY RECAP *********************************************************************
192.168.100.10 : ok=58 changed=49 unreachable=0 failed=0
192.168.100.11 : ok=33 changed=31 unreachable=0 failed=0
192.168.100.12 : ok=8 changed=6 unreachable=0 failed=0
192.168.100.13 : ok=7 changed=5 unreachable=0 failed=0
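During the Ansible deployment, the passwords of the individual services are generated randomly and automatically; the platform login domain, user name, password and each service password can be viewed on the Ansible virtual machine.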
[root@server xd-cloud-simple]# cat /opt/xd-cloud-simple/module/passwd
OPENSTACK_SERVICE_NAME_PASS=wY5GuPt5hkxmN6v3T1X2
OPENSTACK_SERVICE_PASS=Sn5nC5FYAXy3ra3ieL9P
OPENSTACK_METADATA_KEY_PASS=it8wP8Ljna54JDMMAF9w
OPENSTACK_KEYSTONE_TOKEN_PASS=Rak4RBrJKJMO3DyrGRWI
DATABASE_PASS=KqNCCOKtgaKo8D6Gd85j
ADMINISTRATOR_NAME=admin
ADMINISTRATOR_PASS=RgEY7OhGFEz6ew582M5l
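(4) Check the controller node addresses
After installation, log in to the controller01 node and check its IP addresses; the br-mgmt management interface carries the VIP address "192.168.100.20".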
[root@controller01 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
link/ether 00:0c:29:5f:68:9b brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe5f:689b/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: mtu 1500 qdisc noop state DOWN
link/ether ea:42:ed:cb:84:74 brd ff:ff:ff:ff:ff:ff
4: br-mgmt: mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:0c:29:5f:68:9b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global br-mgmt
valid_lft forever preferred_lft forever
inet 192.168.100.20/32 scope global br-mgmt
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:689b/64 scope link
valid_lft forever preferred_lft forever
5: br-int: mtu 1500 qdisc noop state DOWN
link/ether 0a:a0:c1:57:80:46 brd ff:ff:ff:ff:ff:ff
Log in to the controller02 node and check its IP addresses: the br-mgmt management interface has no VIP address. If controller01 fails, the VIP automatically moves to controller02.
[root@controller02 ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
link/ether 00:0c:29:2c:f2:b6 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe2c:f2b6/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: mtu 1500 qdisc noop state DOWN
link/ether 96:48:62:62:0e:dc brd ff:ff:ff:ff:ff:ff
4: br-mgmt: mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:0c:29:2c:f2:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.11/24 brd 192.168.100.255 scope global br-mgmt
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2c:f2b6/64 scope link
valid_lft forever preferred_lft forever
5: br-int: mtu 1500 qdisc noop state DOWN
link/ether d2:11:01:c1:48:4b brd ff:ff:ff:ff:ff:ff
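The manual comparison of the two `ip a` listings above can be automated to confirm that exactly one controller holds the VIP; this is an added example, not part of the deployment scripts. The function names and state labels are assumptions, and the samples are constructed from the br-mgmt portions of the listings above.

```python
import re

# Constructed samples: the br-mgmt portions of the two `ip a` listings above.
IP_A = {
    "controller01": """\
4: br-mgmt: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:0c:29:5f:68:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 brd 192.168.100.255 scope global br-mgmt
    inet 192.168.100.20/32 scope global br-mgmt
""",
    "controller02": """\
4: br-mgmt: mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:0c:29:2c:f2:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.11/24 brd 192.168.100.255 scope global br-mgmt
""",
}

def addresses(ip_a_text):
    """Map interface name -> list of IPv4 addresses found in `ip a` text."""
    result, current = {}, None
    for line in ip_a_text.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)", line)  # e.g. "4: br-mgmt: ..."
        if head:
            current = head.group(1)
            result[current] = []
            continue
        inet = re.match(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)/\d+", line)  # skips inet6
        if inet and current:
            result[current].append(inet.group(1))
    return result

def vip_state(outputs, vip):
    """Return (state, holders): 'ok' for one holder, 'down' for none, else 'split-brain'."""
    holders = sorted(host for host, text in outputs.items()
                     if any(vip in addrs for addrs in addresses(text).values()))
    state = {0: "down", 1: "ok"}.get(len(holders), "split-brain")
    return state, holders
```

Run against fresh `ip a` output after shutting down controller01, the holder should change to controller02 while the state stays `ok`.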
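(5) Access the OpenStack platform
Access the Dashboard through the VIP address: enter 192.168.100.20 in a browser and log in with the domain, user name and password from the passwd file viewed on the Ansible node.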