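Security Service Chain Orchestration System: Installation and Deployment Guide
This system is installed on the OpenStack Pike release. Before installing tacker, make sure the following modules are installed and deployed correctly: keystone, mistral, barbican, horizon. For their installation and configuration, see the following links: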
https://docs.openstack.org/keystone/latest/install/index.html
https://docs.openstack.org/mistral/latest/install/index.html
https://docs.openstack.org/barbican/latest/install/install.html
https://docs.openstack.org/horizon/latest/install/index.html
1. Prepare the database
mysql -uroot -p
CREATE DATABASE tacker;
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' IDENTIFIED BY 'P1ssw0rd';
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' IDENTIFIED BY 'P1ssw0rd';
exit;
2. Create the tacker user, add it to the service project, and grant it the admin role
openstack user create --domain default --password-prompt tacker
openstack role add --project service --user tacker admin
# Set the password to P@ssw0rd
3. Create the tacker service entity and API endpoints
openstack service create --name tacker --description "Tacker Project" nfv-orchestration
If you are using keystone v3, create the endpoints with the following commands:
openstack endpoint create --region RegionOne nfv-orchestration public http://controller:9890/
openstack endpoint create --region RegionOne nfv-orchestration internal http://controller:9890/
openstack endpoint create --region RegionOne nfv-orchestration admin http://controller:9890/
If you are using keystone v2, create the endpoint with the following command instead:
openstack endpoint create --region RegionOne --publicurl 'http://controller:9890/' --adminurl 'http://controller:9890/' --internalurl 'http://controller:9890/' <SERVICE-ID>
4. Install tacker server
cd ~/
git clone https://github.com/openstack/tacker -b stable/pike
# Install the dependency packages
yum -y install gcc gcc-c++
yum -y install python-devel
cd tacker
pip install -r requirements.txt
# Install tacker
python setup.py install
# Create the tacker log directory
mkdir /var/log/tacker
# Generate the configuration file
./tools/generate_config_file_sample.sh
# The generated configuration file is etc/tacker/tacker.conf.sample; rename it to tacker.conf
mv etc/tacker/tacker.conf.sample etc/tacker/tacker.conf
# Create the tacker configuration directory
mkdir /etc/tacker
# Copy every file under etc/tacker in the source tree to /etc/tacker
cp etc/tacker/* /etc/tacker/. -rf
5. Edit the configuration file
openstack-config --set /etc/tacker/tacker.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/tacker/tacker.conf DEFAULT policy_file /etc/tacker/policy.json
openstack-config --set /etc/tacker/tacker.conf DEFAULT use_syslog False
openstack-config --set /etc/tacker/tacker.conf DEFAULT bind_port 9890
openstack-config --set /etc/tacker/tacker.conf DEFAULT service_plugins nfvo,vnfm
openstack-config --set /etc/tacker/tacker.conf DEFAULT state_path /var/lib/tacker
openstack-config --set /etc/tacker/tacker.conf nfvo vim_drivers openstack
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken region_name RegionOne
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken auth_type password
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken project_name service
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken username tacker
openstack-config --set /etc/tacker/tacker.conf keystone_authtoken password P@ssw0rd
openstack-config --set /etc/tacker/tacker.conf agent root_helper "sudo /usr/bin/tacker-rootwrap /etc/tacker/rootwrap.conf"
openstack-config --set /etc/tacker/tacker.conf database connection mysql://tacker:P1ssw0rd@controller:3306/tacker?charset=utf8
openstack-config --set /etc/tacker/tacker.conf tacker monitor_driver ping,http_ping
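Step 5 stores the Keystone service password and the database password in /etc/tacker/tacker.conf in plain text. The check below is an added example, not part of the original document: it lists the options that hold a credential and fails when the file is readable by other local users. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out whether tacker.conf exposes the credentials
# that step 5 stores in it (Keystone password, database connection URL).

# Print "section/option" for every option in INI file $1 that holds a secret.
secret_options() {
    awk '
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        /^[[:space:]]*[#;]/ { next }
        {
            split($0, kv, "=")
            key = kv[1]; gsub(/[[:space:]]/, "", key)
            if (section == "keystone_authtoken" && key == "password")
                print section "/" key
            # user:password@host embedded in the connection URL
            if (section == "database" && key == "connection" &&
                $0 ~ "://[^:@/]+:[^@]+@")
                print section "/" key
        }' "$1"
}

# Return 1 when $1 holds secrets and its mode lets "other" users read it.
audit_tacker_conf() {
    secrets=$(secret_options "$1")
    [ -n "$secrets" ] || return 0
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "$1 is world-readable and holds:" $secrets >&2
        return 1
    fi
    return 0
}

# Demo on a constructed file (placeholder values, not real credentials).
demo=$(mktemp)
cat > "$demo" << 'EOF'
[keystone_authtoken]
username = tacker
password = EXAMPLE_KEYSTONE_PASSWORD
[database]
connection = mysql://tacker:EXAMPLE_DB_PASSWORD@controller:3306/tacker?charset=utf8
EOF
chmod 644 "$demo"; audit_tacker_conf "$demo" || echo "644: exposed"
chmod 600 "$demo"; audit_tacker_conf "$demo" && echo "600: ok"
rm -f "$demo"
```

With the service running as root as in step 11, `chmod 600 /etc/tacker/tacker.conf` clears the finding.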
6. Sync the database
tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head
7. Install tacker client
cd ~/
git clone https://github.com/openstack/python-tackerclient -b stable/pike
cd python-tackerclient
python setup.py install
8. Install tacker horizon
cd ~/
git clone https://github.com/openstack/tacker-horizon -b stable/pike
cd tacker-horizon
python setup.py install
# Add tacker horizon to the dashboard panels
cp tacker_horizon/enabled/* /usr/share/openstack-dashboard/openstack_dashboard/enabled/
9. Restart the HTTP server
systemctl restart httpd
10. Start tacker server
python /usr/bin/tacker-server --config-file /etc/tacker/tacker.conf --log-file /var/log/tacker/tacker.log &
11. Set up tacker as a system service
cat > /usr/lib/systemd/system/openstack-tacker-server.service << EOF
[Unit]
Description=OpenStack Tacker Server
After=syslog.target network.target
[Service]
Type=notify
NotifyAccess=all
TimeoutStartSec=0
Restart=always
User=root
ExecStart=/usr/bin/tacker-server --config-file /etc/tacker/tacker.conf --log-file /var/log/tacker/tacker.log
[Install]
WantedBy=multi-user.target
EOF
# Start the service
systemctl start openstack-tacker-server
systemctl enable openstack-tacker-server
systemctl status openstack-tacker-server
12. Register the default VIM (this can also be done from the dashboard)
Reference: https://www.2cto.com/net/201702/602258.html
# Write a YAML configuration file
cat > /root/config.yaml << EOF
auth_url: http://controller.ideal.yfb0801800.islab.net.cn:5000/v3/
username: tacker
password: P@ssw0rd
project_name: service
EOF
# Create the VIM
tacker vim-register --is-default --config-file /root/config.yaml test_vim
Error:
Expecting to find domain in project. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
Solution:
Indirectly inspired by:
http://www.mamicode.com/info-detail-2304452.html
https://stackoverflow.com/questions/33698861/openstack-novaclient-python-api-not-working
Adding the two domain names to config.yaml is enough:
user_domain_name: Default
project_domain_name: Default
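The HTTP 400 above can be caught before calling tacker vim-register. This pre-flight check is an added example, not part of the original document; the function names are hypothetical, and treating an auth_url that ends in /v3 as Keystone v3 is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check for the VIM config file of step 12.

# Print the required keys that file $1 lacks, space-separated.
missing_vim_keys() {
    required="auth_url username password project_name"
    # Assumption: an auth_url ending in /v3 means Keystone v3, where user
    # and project names are only unique inside a domain.
    if grep -Eq '^auth_url:[[:space:]]*[^[:space:]]+/v3/?[[:space:]]*$' "$1"; then
        required="$required user_domain_name project_domain_name"
    fi
    missing=""
    for key in $required; do
        # A key counts only with a non-empty value on the same line.
        grep -Eq "^${key}:[[:space:]]*[^[:space:]]" "$1" || missing="$missing $key"
    done
    echo "${missing# }"
}

# Return 0 when nothing is missing, 1 otherwise (details on stderr).
check_vim_config() {
    m=$(missing_vim_keys "$1")
    [ -n "$m" ] || return 0
    echo "$1 is missing: $m" >&2
    return 1
}

# Demo on a constructed file shaped like /root/config.yaml above.
demo=$(mktemp)
cat > "$demo" << 'EOF'
auth_url: http://controller:5000/v3/
username: tacker
password: EXAMPLE_PASSWORD
project_name: service
EOF
check_vim_config "$demo" || echo "not registering yet"
printf 'user_domain_name: Default\nproject_domain_name: Default\n' >> "$demo"
check_vim_config "$demo" && echo "safe to run tacker vim-register"
rm -f "$demo"
```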
Error:
status | PENDING
The status on success should be REACHABLE
Solution:
13. Error collection
The NFV/VNF pages in the dashboard report: “错误:Unable to get xxx”
Cause: tacker server has died. To verify whether it is down: netstat -tunlp | grep 9890
Fix: start it again:
python /usr/bin/tacker-server --config-file /etc/tacker/tacker.conf --log-file /var/log/tacker/tacker.log &