OpenStack Octavia Deployment Procedure (Clustered, Rocky Release)

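When I first started learning about Octavia, I was fortunate to read the blog posts of 范桂飓 (https://me.csdn.net/Jmilk). I learned a great deal from them, and they helped me understand Octavia more quickly and more completely. My thanks to him for sharing his technical knowledge.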

 

Base configuration on the primary node (controller1)

1. Create the database

mysql -uroot -p

CREATE DATABASE octavia;

GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'localhost' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'%' IDENTIFIED BY '123456';

flush privileges;

exit;

2. Install the packages

yum -y install \
  openstack-octavia-api.noarch \
  openstack-octavia-common.noarch \
  openstack-octavia-health-manager.noarch \
  openstack-octavia-housekeeping.noarch \
  openstack-octavia-worker.noarch \
  openstack-octavia-diskimage-create.noarch \
  python2-octaviaclient.noarch \
  python-pip.noarch

# openstack loadbalancer command extension (second installation method)

git clone https://github.com/openstack/python-octaviaclient.git -b stable/rocky
cd python-octaviaclient
pip install -r requirements.txt -e .

3. Build and import the Amphora image

git clone https://github.com/openstack/octavia.git
cd octavia/diskimage-create/
./diskimage-create.sh -i ubuntu -t qcow2 -o amphora-x64-haproxy
openstack image create amphora-x64-haproxy --public --container-format=bare --disk-format qcow2 --file  --tag amphora

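Note: while building the image, the script pulls from package sources hosted overseas; on a poor network connection the image build may fail.

4. Create the Keystone identity resources (user, role, endpoints)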

openstack user create --domain default  --password 123456 octavia

openstack role add --project service --user octavia admin

openstack service create load-balancer --name octavia

openstack endpoint create octavia public http://controller1:9876 --region RegionOne

openstack endpoint create octavia admin http://controller1:9876 --region RegionOne

openstack endpoint create octavia internal http://controller1:9876 --region RegionOne

5. Create the security groups
# Used by the Amphora VMs for LB Network <-> Amphora communication; add the rules to the security group under the service project

openstack security group create lb-mgmt-sec-grp --project 

openstack security group rule create --protocol udp --dst-port 5555 

openstack security group rule create --protocol tcp --dst-port 22 

openstack security group rule create --protocol tcp --dst-port 9443 

# Used by the Amphora VMs for Health Manager <-> Amphora communication; add the rules to the security groups under the admin/service projects respectively

openstack security group create lb-health-mgr-sec-grp --project 

openstack security group rule create --protocol udp --dst-port 5555 

openstack security group rule create --protocol tcp --dst-port 22 

openstack security group rule create --protocol tcp --dst-port 9443 

6. Create the management network (for the specified tenant)

openstack network create lb-mgmt-net --project 

openstack subnet create --subnet-range 192.168.0.0/24 --allocation-pool start=192.168.0.2,end=192.168.0.100 --network lb-mgmt-net lb-mgmt-subnet

7. Create the management port

openstack port create octavia-health-manager-standalone-listen-port \
  --security-group lb-health-mgr-sec-grp \
  --device-owner Octavia:health-mgr \
  --host  --network lb-mgmt-net \
  --project service
ovs-vsctl --may-exist add-port br-int o-hm0 \
  -- set Interface o-hm0 type=internal \
  -- set Interface o-hm0 external-ids:iface-status=active \
  -- set Interface o-hm0 external-ids:attached-mac= \
  -- set Interface o-hm0 external-ids:iface-id=


8. Assign an IP to the management port (the Health Manager listening port)

The o-hm0 interface is recreated when the server reboots, so keep this in mind.

ip link set dev o-hm0 address 
ip addr add  dev o-hm0   # the <> placeholder is where the IP and subnet go
ip link set dev o-hm0 up    # bring the interface up so the configuration takes effect

9. Generate the certificates for Octavia controller <-> Amphora communication

Get the source code and generate the certificates

cd octavia/bin

source create_certificates.sh /etc/octavia/certs/ /root/octavia/etc/certificates/openssl.cnf

chown octavia:octavia /etc/octavia/certs -R

10. Create the key pair

mkdir -p /etc/octavia/.ssh

ssh-keygen -b 2048 -t rsa -N "" -f /etc/octavia/.ssh/octavia_ssh_key

nova keypair-add --pub-key=/etc/octavia/.ssh/octavia_ssh_key.pub octavia_ssh_key --user 

 

Edit the configuration file

11. Edit the configuration file

#/etc/octavia/octavia.conf
 
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller1:5672,openstack:openstack@controller2:5672,openstack:openstack@controller3:5672
[api_settings]
bind_host = 172.27.125.201
bind_port = 9876
api_handler = queue_producer
auth_strategy = keystone
[database]
connection = mysql+pymysql://octavia:123456@controller1:3306/octavia
[health_manager]
bind_ip = 192.168.0.12 
bind_port = 5555
controller_ip_port_list = 192.168.0.12:5555
heartbeat_key = insecure
[keystone_authtoken]
auth_uri = http://172.27.125.106:5000
auth_url = http://172.27.125.106:5000
memcached_servers = controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = octavia
password = 123456
[certificates]
ca_private_key_passphrase = foobar
ca_private_key = /etc/octavia/certs/private/cakey.pem
ca_certificate = /etc/octavia/certs/ca_01.pem
[haproxy_amphora]
server_ca = /etc/octavia/certs/ca_01.pem
client_cert = /etc/octavia/certs/client.pem
key_path = /etc/octavia/.ssh/octavia_ssh_key
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 5500
connection_retry_interval = 5
rest_request_conn_timeout = 10
rest_request_read_timeout = 120
[controller_worker]
client_ca = /etc/octavia/certs/ca_01.pem
amp_image_tag = amphora     
amp_image_owner_id = 22d71ab1b5b548f7b076b61e7c3ed7dc   
amp_flavor_id = c6cc5162-26cb-4e98-aa49-efb3eb369eb2    
amp_secgroup_list = 0428056a-f1fb-457e-bd33-c2d23eb6d2cd    
amp_boot_network_list = 450227cc-11e8-4422-8bf5-540ef5cb2dfe    
amp_ssh_key_name = octavia_ssh_key
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
# Optional on physical hosts
workers = 2
# When deploying inside virtual machines, the following two parameters can be adjusted as needed; on physical hosts they are optional
amp_active_retries = 100
amp_active_wait_sec = 2
loadbalancer_topology = ACTIVE_STANDBY  
[oslo_messaging]
topic = octavia_prov
rpc_thread_pool_size = 2
[house_keeping]
load_balancer_expiry_age = 3600
amphora_expiry_age = 3600
[service_auth]
memcached_servers = controller1:11211,controller2:11211,controller3:11211
project_domain_name = default
project_name = service
user_domain_name = default
password = 123456
username = octavia
auth_type = password
auth_url = http://172.27.125.106:5000
auth_uri = http://172.27.125.106:5000
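
The configuration above carries sample secrets (`123456`, `insecure`, `foobar`), Keystone URLs over plain HTTP, and one CA file used for both `server_ca` and `client_ca`. The following Python check is an added example, not part of the original post or of Octavia itself; it audits an octavia.conf for those patterns before the services are started. The `WEAK` list, the finding labels and the embedded sample are assumptions constructed for illustration.

```python
import configparser
import re

# Constructed sample: a subset of the octavia.conf above, with the same values.
SAMPLE_CONF = """
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller1:5672
[database]
connection = mysql+pymysql://octavia:123456@controller1:3306/octavia
[health_manager]
heartbeat_key = insecure
[keystone_authtoken]
auth_url = http://172.27.125.106:5000
password = 123456
[certificates]
ca_private_key_passphrase = foobar
[haproxy_amphora]
server_ca = /etc/octavia/certs/ca_01.pem
[controller_worker]
client_ca = /etc/octavia/certs/ca_01.pem
"""

# Assumption: this placeholder list is illustrative; extend it for your site.
WEAK = {"123456", "insecure", "foobar", "password", "openstack", "admin"}
SECRET_KEYS = {"password", "heartbeat_key", "ca_private_key_passphrase"}
URL_KEYS = {"transport_url", "connection", "auth_url", "auth_uri"}
CRED_RE = re.compile(r"(?://|,)([^:/@,]+):([^@,/]+)@")  # user:password@ pairs

def audit(conf_text):
    """Return sorted (section, option, issue) findings for an octavia.conf."""
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(conf_text)
    found = set()
    for section in cp.sections():
        for opt, val in cp[section].items():
            if opt in SECRET_KEYS and val.strip().lower() in WEAK:
                found.add((section, opt, "placeholder secret"))
            if opt in URL_KEYS:
                for user, pw in CRED_RE.findall(val):
                    if pw.lower() in WEAK or pw == user:
                        found.add((section, opt, "weak password in URL"))
                if opt.startswith("auth_") and val.startswith("http://"):
                    found.add((section, opt, "plaintext HTTP to Keystone"))
    server_ca = cp.get("haproxy_amphora", "server_ca", fallback=None)
    if server_ca and server_ca == cp.get("controller_worker", "client_ca", fallback=None):
        found.add(("controller_worker", "client_ca", "same CA file as server_ca"))
    return sorted(found)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To check a deployed node, pass the real file contents: `audit(open('/etc/octavia/octavia.conf').read())`.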

12. Initialize the Octavia database

octavia-db-manage   upgrade head

 

13. Start the services
# Restart the Octavia components (octavia-api can be run under the httpd service to improve performance)

systemctl restart octavia-api.service

systemctl restart octavia-worker.service

systemctl restart octavia-health-manager.service

systemctl restart octavia-housekeeping.service

 

# Enable at boot

systemctl enable octavia-api.service

systemctl enable octavia-worker.service

systemctl enable octavia-health-manager.service

systemctl enable octavia-housekeeping.service

 


14. Add the Load Balancers page

git clone https://github.com/openstack/octavia-dashboard.git -b stable/rocky

cd octavia-dashboard

python setup.py install

cd octavia_dashboard/enabled/

cp _1482_project_load_balancer_panel.py /usr/share/openstack-dashboard/openstack_dashboard/enabled/

cd /usr/share/openstack-dashboard

./manage.py collectstatic

./manage.py compress

systemctl restart  httpd

 
