OpenStack Train版 简单部署流程（4）- octavia

Prerequisites

1.Create the database, complete these steps:

mysql -uroot -p1234qwer
CREATE DATABASE octavia;
GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'localhost'  IDENTIFIED BY 'OCTAVIA_DBPASS';
GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'%' IDENTIFIED BY 'OCTAVIA_DBPASS';
quit

2.To create the Octavia service credentials, complete these steps:

openstack user create --domain default --password octavia123 octavia
openstack role add --project admin --user octavia admin
openstack service create --name octavia --description "OpenStack Octavia" load-balancer

3.Create the Load-balancer service API endpoints:

openstack endpoint create --region RegionOne load-balancer public http://controller:9876
openstack endpoint create --region RegionOne load-balancer internal http://controller:9876
openstack endpoint create --region RegionOne load-balancer admin http://controller:9876

4.Create the amphora image

git clone https://github.com/openstack/octavia.git -b stable/train
yum -y install python2-pip qemu-img git e2fsprogs policycoreutils-python debootstrap libguestfs-tools virt-install.noarch python-virtualenv
virtualenv octavia_disk_image_create
source octavia_disk_image_create/bin/activate
cd octavia/diskimage-create/
wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
systemctl restart libvirtd;systemctl enable libvirtd
export LIBGUESTFS_BACKEND=direct
export DIB_REPOREF_amphora_agent=stable/train
export DIB_LOCAL_IMAGE=/root/octavia/diskimage-create/CentOS-7-x86_64-GenericCloud.qcow2
virt-customize -a /root/octavia/diskimage-create/CentOS-7-x86_64-GenericCloud.qcow2 --selinux-relabel --run-command 'yum install -y centos-release-openstack-train telnet traceroute bind-utils'
virtualenv octavia_disk_image_create
source octavia_disk_image_create/bin/activate
cd octavia/diskimage-create
pip install -r requirements.txt
./diskimage-create.sh -r 1234qwer -i centos-minimal -s 4

5.Upload the amphora image

openstack image create --disk-format qcow2 --container-format bare --private --tag amphora --file /root/octavia/diskimage-create/amphora-x64-haproxy.qcow2 amphora-x64-haproxy

6.Create a flavor for the amphora image

openstack flavor create --id 200 --vcpus 1 --ram 1024 --disk 2 "amphora" --private

code

mysql -uroot -p1234qwer
CREATE DATABASE octavia;
GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'localhost'  IDENTIFIED BY 'OCTAVIA_DBPASS';
GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'%' IDENTIFIED BY 'OCTAVIA_DBPASS';
quit
openstack user create --domain default --password octavia123 octavia
openstack role add --project admin --user octavia admin
openstack service create --name octavia --description "OpenStack Octavia" load-balancer
openstack endpoint create --region RegionOne load-balancer public http://controller:9876
openstack endpoint create --region RegionOne load-balancer internal http://controller:9876
openstack endpoint create --region RegionOne load-balancer admin http://controller:9876
git clone https://github.com/openstack/octavia.git -b stable/train
yum -y install python2-pip qemu-img git e2fsprogs policycoreutils-python debootstrap libguestfs-tools virt-install.noarch python-virtualenv
virtualenv octavia_disk_image_create
source octavia_disk_image_create/bin/activate
cd octavia/diskimage-create/
wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
systemctl start libvirtd
systemctl enable libvirtd
export LIBGUESTFS_BACKEND=direct
export DIB_REPOREF_amphora_agent=stable/train
export DIB_LOCAL_IMAGE=/root/octavia/diskimage-create/CentOS-7-x86_64-GenericCloud.qcow2
virt-customize -a /root/octavia/diskimage-create/CentOS-7-x86_64-GenericCloud.qcow2 --selinux-relabel --run-command 'yum install -y centos-release-openstack-train telnet traceroute bind-utils'
virtualenv octavia_disk_image_create
source octavia_disk_image_create/bin/activate
cd octavia/diskimage-create
pip install -r requirements.txt
./diskimage-create.sh -r 1234qwer -i centos-minimal -s 4
openstack image create --disk-format qcow2 --container-format bare --private --tag amphora --file /root/octavia/diskimage-create/amphora-x64-haproxy.qcow2 amphora-x64-haproxy
openstack flavor create --id 200 --vcpus 1 --ram 1024 --disk 2 "amphora" --private

Install and configure components

1.Install the packages:

yum -y install openstack-octavia-api openstack-octavia-health-manager openstack-octavia-housekeeping openstack-octavia-worker python-octavia python-octaviaclient

2.Create the certificates

git clone https://opendev.org/openstack/octavia.git
cd octavia/bin/
source create_dual_intermediate_CA.sh
sudo mkdir -p /etc/octavia/certs/private
sudo chmod 755 /etc/octavia -R
sudo cp -p etc/octavia/certs/server_ca.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/server_ca-chain.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/server_ca.key.pem /etc/octavia/certs/private
sudo cp -p etc/octavia/certs/client_ca.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/client.cert-and-key.pem /etc/octavia/certs/private
chown octavia:octavia -R /etc/octavia/certs/

3.Create security groups and their rules

openstack security group create lb-mgmt-sec-grp
openstack security group rule create --protocol icmp lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
openstack security group create lb-health-mgr-sec-grp
openstack security group rule create --protocol udp --dst-port 5555 lb-health-mgr-sec-grp

4.Create a key pair for logging in to the amphora instance

ssh-keygen
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

5.Create dhclient.conf file for dhclient

cd $HOME
sudo mkdir -m755 -p /etc/dhcp/octavia
sudo cp octavia/etc/dhcp/dhclient.conf /etc/dhcp/octavia

6.Create a network

openstack network create lb-mgmt-net
openstack subnet create --subnet-range 192.168.0.0/24 --allocation-pool start=192.168.0.100,end=192.168.0.200 --network lb-mgmt-net lb-mgmt-subnet
OCTAVIA_MGMT_PORT_IP=192.168.0.2
SUBNET_ID=$(openstack subnet show lb-mgmt-subnet -f value -c id)
PORT_FIXED_IP="--fixed-ip subnet=$SUBNET_ID,ip-address=$OCTAVIA_MGMT_PORT_IP"
MGMT_PORT_ID=$(openstack port create --security-group lb-health-mgr-sec-grp --device-owner Octavia:health-mgr --host=$(hostname) -c id -f value --network lb-mgmt-net $PORT_FIXED_IP octavia-health-manager-listen-port)
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
ip link add o-hm0 type veth peer name o-bhm0
NETID=$(openstack network show lb-mgmt-net -c id -f value)
BRNAME=brq$(echo $NETID|cut -c 1-11)
brctl addif $BRNAME o-bhm0
ip link set o-bhm0 up
ip link set dev o-hm0 address $MGMT_PORT_MAC
dhclient -v o-hm0 -cf /etc/dhcp/octavia

7.Edit the /etc/octavia/octavia.conf file

openstack project list
amp_image_owner_id = eec492e093a6451983958244799e4175
openstack security group list
amp_secgroup_list = 55235a38-2f54-49b4-83e8-4e9c61d752a8
openstack network list
amp_boot_network_list = 25dc889f-a8f4-4b74-8674-f2428004deb0

amp_image_owner_id=$(openstack project list|grep admin|awk '{print $2}')
amp_secgroup_list=$(openstack security group list|grep lb-mgmt-sec-grp|awk '{print $2}')
amp_boot_network_list=$(openstack network list|grep lb-mgmt-net|awk '{print $2}')

openstack-config --set /etc/octavia/octavia.conf database connection mysql+pymysql://octavia:OCTAVIA_DBPASS@controller/octavia
openstack-config --set /etc/octavia/octavia.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/octavia/octavia.conf oslo_messaging topic octavia_prov
openstack-config --set /etc/octavia/octavia.conf api_settings bind_host 0.0.0.0
openstack-config --set /etc/octavia/octavia.conf api_settings bind_port 9876
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken auth_type password
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken project_name admin
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken username octavia
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken password OCTAVIA_PASS
openstack-config --set /etc/octavia/octavia.conf service_auth auth_url http://controller:5000
openstack-config --set /etc/octavia/octavia.conf service_auth memcached_servers controller:11211
openstack-config --set /etc/octavia/octavia.conf service_auth auth_type password
openstack-config --set /etc/octavia/octavia.conf service_auth project_domain_name default
openstack-config --set /etc/octavia/octavia.conf service_auth user_domain_name default
openstack-config --set /etc/octavia/octavia.conf service_auth project_name admin
openstack-config --set /etc/octavia/octavia.conf service_auth username octavia
openstack-config --set /etc/octavia/octavia.conf service_auth password OCTAVIA_PASS
openstack-config --set /etc/octavia/octavia.conf certificates server_certs_key_passphrase insecure-key-do-not-use-this-key
openstack-config --set /etc/octavia/octavia.conf certificates ca_private_key_passphrase not-secure-passphrase
openstack-config --set /etc/octavia/octavia.conf certificates ca_private_key /etc/octavia/certs/private/server_ca.key.pem
openstack-config --set /etc/octavia/octavia.conf certificates ca_certificate /etc/octavia/certs/server_ca.cert.pem
openstack-config --set /etc/octavia/octavia.conf haproxy_amphora server_ca /etc/octavia/certs/server_ca-chain.cert.pem
openstack-config --set /etc/octavia/octavia.conf haproxy_amphora client_cert /etc/octavia/certs/private/client.cert-and-key.pem
openstack-config --set /etc/octavia/octavia.conf health_manager bind_port 5555
openstack-config --set /etc/octavia/octavia.conf health_manager bind_ip 192.168.0.2
openstack-config --set /etc/octavia/octavia.conf health_manager controller_ip_port_list 192.168.0.2:5555
amp_image_owner_id=$(openstack project list|grep admin|awk '{print $2}')
amp_secgroup_list=$(openstack security group list|grep lb-mgmt-sec-grp|awk '{print $2}')
amp_boot_network_list=$(openstack network list|grep lb-mgmt-net|awk '{print $2}')
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_image_owner_id $amp_image_owner_id
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_image_tag amphora
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_ssh_key_name mykey
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_secgroup_list $amp_secgroup_list
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_boot_network_list $amp_boot_network_list
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_flavor_id 200
openstack-config --set /etc/octavia/octavia.conf controller_worker network_driver allowed_address_pairs_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker compute_driver compute_nova_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker amphora_driver amphora_haproxy_rest_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker client_ca /etc/octavia/certs/client_ca.cert.pem

8.Populate the octavia database:

octavia-db-manage --config-file /etc/octavia/octavia.conf upgrade head
systemctl restart octavia-api octavia-health-manager octavia-housekeeping octavia-worker

code

yum install -y openstack-octavia-api openstack-octavia-health-manager openstack-octavia-housekeeping openstack-octavia-worker python-octavia python-octaviaclient
git clone https://opendev.org/openstack/octavia.git
cd octavia/bin/
source create_dual_intermediate_CA.sh
sudo mkdir -p /etc/octavia/certs/private
sudo chmod 755 /etc/octavia -R
sudo cp -p etc/octavia/certs/server_ca.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/server_ca-chain.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/server_ca.key.pem /etc/octavia/certs/private
sudo cp -p etc/octavia/certs/client_ca.cert.pem /etc/octavia/certs
sudo cp -p etc/octavia/certs/client.cert-and-key.pem /etc/octavia/certs/private
chown octavia:octavia -R /etc/octavia/certs/
openstack security group create lb-mgmt-sec-grp
openstack security group rule create --protocol icmp lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
openstack security group create lb-health-mgr-sec-grp
openstack security group rule create --protocol udp --dst-port 5555 lb-health-mgr-sec-grp
ssh-keygen
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
cd $HOME
sudo mkdir -m755 -p /etc/dhcp/octavia
sudo cp octavia/etc/dhcp/dhclient.conf /etc/dhcp/octavia
openstack network create lb-mgmt-net
openstack subnet create --subnet-range 192.168.0.0/24 --allocation-pool       start=192.168.0.100,end=192.168.0.200 --network lb-mgmt-net lb-mgmt-subnet
OCTAVIA_MGMT_PORT_IP=192.168.0.2
SUBNET_ID=$(openstack subnet show lb-mgmt-subnet -f value -c id)
PORT_FIXED_IP="--fixed-ip subnet=$SUBNET_ID,ip-address=$OCTAVIA_MGMT_PORT_IP"
MGMT_PORT_ID=$(openstack port create --security-group lb-health-mgr-sec-grp --device-owner Octavia:health-mgr --host=$(hostname) -c id -f value --network lb-mgmt-net $PORT_FIXED_IP octavia-health-manager-listen-port)
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
ip link add o-hm0 type veth peer name o-bhm0
NETID=$(openstack network show lb-mgmt-net -c id -f value)
BRNAME=brq$(echo $NETID|cut -c 1-11)
brctl addif $BRNAME o-bhm0
ip link set o-bhm0 up
ip link set dev o-hm0 address $MGMT_PORT_MAC
dhclient -v o-hm0 -cf /etc/dhcp/octavia
openstack-config --set /etc/octavia/octavia.conf database connection mysql+pymysql://octavia:OCTAVIA_DBPASS@controller/octavia
openstack-config --set /etc/octavia/octavia.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/octavia/octavia.conf oslo_messaging topic octavia_prov
openstack-config --set /etc/octavia/octavia.conf api_settings bind_host 0.0.0.0
openstack-config --set /etc/octavia/octavia.conf api_settings bind_port 9876
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken auth_type password
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken project_name admin
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken username octavia
openstack-config --set /etc/octavia/octavia.conf keystone_authtoken password OCTAVIA_PASS
openstack-config --set /etc/octavia/octavia.conf service_auth auth_url http://controller:5000
openstack-config --set /etc/octavia/octavia.conf service_auth memcached_servers controller:11211
openstack-config --set /etc/octavia/octavia.conf service_auth auth_type password
openstack-config --set /etc/octavia/octavia.conf service_auth project_domain_name default
openstack-config --set /etc/octavia/octavia.conf service_auth user_domain_name default
openstack-config --set /etc/octavia/octavia.conf service_auth project_name admin
openstack-config --set /etc/octavia/octavia.conf service_auth username octavia
openstack-config --set /etc/octavia/octavia.conf service_auth password OCTAVIA_PASS
openstack-config --set /etc/octavia/octavia.conf certificates server_certs_key_passphrase insecure-key-do-not-use-this-key
openstack-config --set /etc/octavia/octavia.conf certificates ca_private_key_passphrase not-secure-passphrase
openstack-config --set /etc/octavia/octavia.conf certificates ca_private_key /etc/octavia/certs/private/server_ca.key.pem
openstack-config --set /etc/octavia/octavia.conf certificates ca_certificate /etc/octavia/certs/server_ca.cert.pem
openstack-config --set /etc/octavia/octavia.conf haproxy_amphora server_ca /etc/octavia/certs/server_ca-chain.cert.pem
openstack-config --set /etc/octavia/octavia.conf haproxy_amphora client_cert /etc/octavia/certs/private/client.cert-and-key.pem
openstack-config --set /etc/octavia/octavia.conf health_manager bind_port 5555
openstack-config --set /etc/octavia/octavia.conf health_manager bind_ip 192.168.0.2
openstack-config --set /etc/octavia/octavia.conf health_manager controller_ip_port_list 192.168.0.2:5555
amp_image_owner_id=$(openstack project list|grep admin|awk '{print $2}')
amp_secgroup_list=$(openstack security group list|grep lb-mgmt-sec-grp|awk '{print $2}')
amp_boot_network_list=$(openstack network list|grep lb-mgmt-net|awk '{print $2}')
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_image_owner_id $amp_image_owner_id
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_image_tag amphora
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_ssh_key_name mykey
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_secgroup_list $amp_secgroup_list
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_boot_network_list $amp_boot_network_list
openstack-config --set /etc/octavia/octavia.conf controller_worker amp_flavor_id 200
openstack-config --set /etc/octavia/octavia.conf controller_worker network_driver allowed_address_pairs_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker compute_driver compute_nova_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker amphora_driver amphora_haproxy_rest_driver
openstack-config --set /etc/octavia/octavia.conf controller_worker client_ca /etc/octavia/certs/client_ca.cert.pem
octavia-db-manage --config-file /etc/octavia/octavia.conf upgrade head
systemctl restart octavia-api octavia-health-manager octavia-housekeeping octavia-worker

添加 Load Balancers 页面

git clone https://github.com/openstack/octavia-dashboard.git -b stable/train
cd /root/octavia/octavia-dashboard
python setup.py install
cd /root/octavia/octavia-dashboard/octavia_dashboard/enabled
cp _1482_project_load_balancer_panel.py /usr/share/openstack-dashboard/openstack_dashboard/enabled/
cd /usr/share/openstack-dashboard
echo yes|./manage.py collectstatic
./manage.py compress
systemctl restart httpd