2022-05-30
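Huawei public cloud supports the OpenStack APIs, so CF can be deployed on Huawei Cloud directly with the native Cloud Foundry on OpenStack approach.
The deployment architecture is shown in the figure below. The installer needs one ordinary VM host (the blue BOSH CLI box in the figure) to control everything; this is the Linux machine used to manage the whole Cloud Foundry installation. The host can run CentOS 7 or Ubuntu 16.04; the rest of this guide uses an Ubuntu 16.04 host, which is common in China, as the template for installation and deployment.
The official bosh documentation for deploying CF on OpenStack is at https://bosh.io/docs/init-openstack/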
1. Prepare the runtime environment
ECS VM: ubuntu 16.04
VPC: contains three networks, used as the network environment for all of Bosh and Cloud Foundry
    network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a"
    network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b"
    network_id3="f57eec08-4e7a-4375-9783-339c937e4f22"
    Network1: 10.0.1.0/24
Private ip: 10.0.1.51
Security Group: sets the access rules for the network environment
EIP: 160.44.206.37 (bound to the bosh director; provides the public IP used to log in to the bosh director for the later CF deployment)
ruby: 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
bosh: bosh-cli-3.0.1-linux-amd64
Cloudfoundry cli: cf-cli_6.33.0_linux_x86-64
Director VM:
    Eip: 160.44.206.37
    Private ip: 10.0.1.10
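All of the resources above can be created by hand, or automatically with the terraform tool described below.
1.1. Prepare an ubuntu 16.04 execution machine. It is used to install the bosh cli and the cloudfoundry cli and to run the commands that deploy CF, and later, once CF is deployed, to run the cf commands that deploy applications onto CF. Log in to this machine to carry out step 1.2.
1.2. Use terraform to create the public cloud resources needed to install bosh
terraform template reference: https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/bosh-init-tf
The template creates the following resources on the public cloud:
VPC (1)
Security Group (1)
EIP (1)
1.2.1 Download the template for the public cloud resources bosh needs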
$ git clone https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates
$ cd bosh-openstack-environment-templates/bosh-init-tf/
$ ./generate_ssh_keypair.sh   # generates the bosh.pem key, used later to log in to the CF-related VMs
$ cp terraform.tfvars.template terraform.tfvars
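1.2.2 Configure the Huawei Cloud information
Change the values in the configuration file to those of your own public cloud account. To find them, click your user name in the top-right corner of the Huawei Cloud console -> Basic Information -> Manage My Credential, where you can get domain_name, project_name (that is, tenant_name), project_id and user_name. If the Chinese console shows no explicit "domain" label, switch to English using the link in the bottom-left corner. Get the AZ information from the Huawei Cloud endpoints list.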
$ vi terraform.tfvars
auth_url = "https://iam.cn-south-1.myhwclouds.com:443/v3"
domain_name = "domain_name"
user_name = "openstack_user"
password = "openstack_password"
tenant_name = "cn-south-1"
region_name = "cn-south-1"
availability_zone = "cn-south-1a"
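ext_net_name = "admin_external_e" // fixed value on Huawei public cloud
ext_net_id = "0a2228f2-7f8a-45f1-8e09-9039e1d09975" // fixed value on Huawei public cloud
# in case your OpenStack needs custom nameservers
# dns_nameservers = 8.8.8.8,100.125.4.25(your_own_system_private_ip)
# If CF's egress will later use a private domain name, the DNS server address here must be the IP of the private DNS server;
# otherwise the private domain name cannot be resolved or reached, and login will fail.
1.2.2 Once configured, download the terraform binary and run the terraform commands to create the resources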
$ wget https://releases.hashicorp.com/terraform/0.10.7/terraform_0.10.7_linux_amd64.zip
$ unzip terraform_0.10.7_linux_amd64.zip
$ ./terraform init    # initialize the terraform configuration
$ ./terraform apply   # create the resources with terraform
...
Apply complete! Resources: 11 added, 0 changed, 0 destroyed.
Outputs:
default_key_name = bosh
default_security_groups = [bosh]
external_ip = 160.44.206.37
internal_cidr = 10.0.1.0/24
internal_gw = 10.0.1.1
internal_ip = 10.0.1.10
net_dns = [8.8.8.8]
net_id = a95cd147-689c-483a-90ca-dae8c2ed938a
router_id = bdc24a70-6a56-485e-a733-15612925759b
Note: after the resources are created, record the output shown above; it supplies the input parameters for creating the bosh director later.
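The recorded outputs map onto the -v variables of the bosh create-env command in step 2.3. As an added example (not part of the original article or of the terraform and bosh projects), the function below turns that output text into -v flags and rejects any value with unexpected characters before it reaches a command line. The names tf_outputs_to_bosh_vars and WANTED_KEYS are hypothetical, and the single-line "key = value" form shown above is assumed.

```shell
#!/bin/sh
# Added example: convert the terraform Outputs text into -v flags for bosh create-env.
# tf_outputs_to_bosh_vars and WANTED_KEYS are hypothetical names.

# Output keys that the bosh create-env command in step 2.3 takes as -v variables.
WANTED_KEYS="default_key_name default_security_groups external_ip internal_cidr internal_gw internal_ip net_id"

# Sample input: the Outputs block printed by `terraform apply` in this article.
SAMPLE_TF_OUTPUT='Outputs:
default_key_name = bosh
default_security_groups = [bosh]
external_ip = 160.44.206.37
internal_cidr = 10.0.1.0/24
internal_gw = 10.0.1.1
internal_ip = 10.0.1.10
net_dns = [8.8.8.8]
net_id = a95cd147-689c-483a-90ca-dae8c2ed938a
router_id = bdc24a70-6a56-485e-a733-15612925759b'

tf_outputs_to_bosh_vars() {
  # Reads "key = value" lines on stdin and prints "-v key=value" for wanted keys.
  # A value holding anything but letters, digits and . _ : / , - (optionally
  # wrapped in [ ]) is rejected, so pasted text cannot add shell syntax.
  awk -v wanted="$WANTED_KEYS" '
    BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    index($0, " = ") > 0 {
      key = $1
      value = substr($0, index($0, " = ") + 3)
      if (!(key in want)) next
      if (value !~ "^\\[?[A-Za-z0-9._:/,-]+\\]?$") {
        printf "rejected %s: unexpected characters\n", key > "/dev/stderr"
        bad = 1
        next
      }
      printf "-v %s=%s\n", key, value
    }
    END { exit bad }
  '
}

# Print the flags for the sample; on a real run, feed in the saved Outputs block.
printf '%s\n' "$SAMPLE_TF_OUTPUT" | tf_outputs_to_bosh_vars
```

net_dns and router_id are dropped because the create-env command in step 2.3 does not take them.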
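1.2.3 (Optional) If the configuration is wrong, or you want to clean up what has been created, run:
$ ./terraform destroy
2. Install the bosh director
2.1 Log in as root to the ubuntu execution machine created in step 1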
$ apt-get update
$ sudo apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3
$ ruby -v
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
2.2 Install the bosh cli
$ wget https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-3.0.1-linux-amd64
$ chmod +x bosh-cli-3.0.1-linux-amd64
$ sudo mv ~/bosh-cli-3.0.1-linux-amd64 /usr/local/bin/bosh
$ bosh -v
version 3.0.1-712bfd7-2018-03-13T23:26:43Z
Succeeded
2.3 Create the director, i.e. the green box in the deployment diagram at the beginning
$ cd /root
$ mkdir bosh-1 && cd bosh-1
$ git clone https://github.com/cloudfoundry/bosh-deployment
# Change the VM flavor to one the public cloud supports: s2.large.2
$ vi bosh-deployment/openstack/cpi.yml
- type: replace
  path: /resource_pools/name=vms/cloud_properties?
  value:
    instance_type: s2.large.2
    availability_zone: ((az))
# Change the VM flavors to ones the public cloud supports: s2.large.2, s2.large.8
$ vi bosh-deployment/openstack/cloud-config.yml
vm_types:
- name: default
  cloud_properties:
    instance_type: s2.large.2
- name: large
  cloud_properties:
    instance_type: s2.large.8
$ bosh create-env bosh-deployment/bosh.yml \
--state=state.json \
--vars-store=creds.yml \
-o bosh-deployment/openstack/cpi.yml \
-o bosh-deployment/external-ip-with-registry-not-recommended.yml \
-v director_name=bosh-1 \
-v internal_cidr=10.0.1.0/24 \
-v internal_gw=10.0.1.1 \
-v internal_ip=10.0.1.10 \
-v external_ip=160.44.206.37 \
-v auth_url=https://iam.cn-south-1.myhwclouds.com:443/v3 \
-v default_key_name=bosh \
-v default_security_groups=[bosh] \
-v net_id=a95cd147-689c-483a-90ca-dae8c2ed938a \
-v openstack_password=password \
-v openstack_username=cloud_user \
-v openstack_domain=cloud_domain \
-v openstack_project=project_name \
-v private_key=./bosh.pem \
-v az=cn-south-1a \
-v region=cn-south-1
Note: if the packages cannot be downloaded, download them locally, upload them to the execution machine, and change the corresponding package paths in bosh-deployment/openstack/cpi.yml (vi bosh-deployment/openstack/cpi.yml).
The image-upload timeout (-v state_timeout=30000) and the VM flavor used when creating VMs (-v openstack_flavor=s2.large.2) also have no effect when passed to bosh cli v2; they have to be added or changed by hand in bosh-deployment/openstack/cpi.yml:
- type: replace
  path: /instance_groups/name=bosh/properties/openstack?
  value: &openstack
    auth_url: ((auth_url))
    username: ((openstack_username))
    api_key: ((openstack_password))
    domain: ((openstack_domain))
    project: ((openstack_project))
    region: ((region))
    default_key_name: ((default_key_name))
    default_security_groups: ((default_security_groups))
    state_timeout: 30000
    human_readable_vm_names: true
2.4 Log in to the bosh director
$ export BOSH_ENVIRONMENT=160.44.206.37
# Configure local alias
$ bosh alias-env bosh-1 -e 119.3.21.3 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
# Log in to the Director
$ export BOSH_CLIENT=admin
$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
$ bosh -e bosh-1 l   # log in to the bosh director
Using environment '119.3.21.3'
Using environment '119.3.21.3' as client 'admin'
Logged in to '119.3.21.3'
Succeeded
$ bosh envs
Logging in to the bosh director, method 2
$ bosh int creds.yml --path /jumpbox_ssh/private_key > jumpbox.key
$ chmod 600 jumpbox.key
$ ssh jumpbox@external-or-internal-ip -i jumpbox.key
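By this point the execution machine holds several secret-bearing files: terraform.tfvars (the OpenStack password), bosh.pem and jumpbox.key (SSH private keys), creds.yml (the director credentials read above) and, after step 3.2.6, cf-vars.yml; of these only jumpbox.key was given chmod 600. The following added example (not from the original article or the bosh project) reports which of them are accessible to group or other and can tighten them. The function names are hypothetical and the directory paths are assumptions about where the steps were run.

```shell
#!/bin/sh
# Added example: find secret-bearing files from this walkthrough that are
# accessible to group or other. Function names are hypothetical.

is_private() {
  # True when the group and other permission bits (characters 5-10 of the
  # `ls -l` mode string) are all unset.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit_secret_files() {
  # usage: audit_secret_files [--fix] FILE...
  # Prints "loose: FILE" for each existing file that is not private and
  # returns non-zero if any were found. With --fix, sets them to 0600 instead.
  fix=0
  loose=0
  if [ "$1" = "--fix" ]; then fix=1; shift; fi
  for f in "$@"; do
    [ -f "$f" ] || continue          # not created yet: nothing to check
    is_private "$f" && continue
    if [ "$fix" -eq 1 ]; then
      chmod 600 "$f" && echo "fixed: $f"
    else
      echo "loose: $f"
      loose=$((loose + 1))
    fi
  done
  [ "$loose" -eq 0 ]
}

# Assumed locations (the article does not state where the template repo was
# cloned or where bosh.pem ended up); adjust to your own layout.
TF_DIR=/root/bosh-openstack-environment-templates/bosh-init-tf
BOSH_DIR=/root/bosh-1
SECRET_FILES="$TF_DIR/terraform.tfvars $TF_DIR/bosh.pem $BOSH_DIR/creds.yml $BOSH_DIR/jumpbox.key $BOSH_DIR/cf-vars.yml"

# Report only; run `audit_secret_files --fix $SECRET_FILES` to tighten.
audit_secret_files $SECRET_FILES || echo "tighten the files listed above"
```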
3. Install cloudfoundry
3.1 Install the cf cli
$ wget -c "https://cli.run.pivotal.io/stable?release=linux64-binary&source=github" -O cf-cli_6.33.0_linux_x86-64.tgz
$ tar -xzvf cf-cli_6.33.0_linux_x86-64.tgz -C /usr/local/bin
$ cf -v
cf version 6.36.1+e3799ad7e.2018-04-04
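3.2 Deploy with cf-deployment
3.2.1 Use terraform again to create the public cloud resources needed to install CF
Download the terraform project https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/cf-deployment-tf to the execution machine, set the terraform global variables, and run the following commands to create the resources CF needs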
$ terraform init
$ terraform apply
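When creation finishes, check the output: it contains the network information needed in the steps below, including the three subnets on different ranges created in the same VPC.
3.2.2 Download the cf-deployment project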
git clone https://github.com/cloudfoundry/cf-deployment.git
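Note: you can also download an earlier release of cf-deployment from https://github.com/cloudfoundry/cf-deployment/releases
3.2.3 Change instance_type to the public cloud's own instance types. The file to edit is iaas-support/openstack/cloud-config.yml
3.2.4 Upload the stemcell image file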
cd /root/bosh-1/
wget https://s3.amazonaws.com/bosh-core-stemcells/openstack/bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz
bosh upload-stemcell bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz
3.2.5 Specify the configuration for the CF deployment, including the AZs; the subnets are the ones created in 3.1.
cd /root/bosh-1
bosh update-cloud-config \
-v availability_zone1="cn-south-1a" \
-v availability_zone2="cn-south-1a" \
-v availability_zone3="cn-south-1a" \
-v network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a" \
-v network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b" \
-v network_id3="f57eec08-4e7a-4375-9783-339c937e4f22" \
cf-deployment/iaas-support/openstack/cloud-config.yml
3.2.6 Deploy cloudfoundry
Option 1: deploy CF with a load balancer service
bosh -d cf deploy cf-deployment/cf-deployment.yml \
-o cf-deployment/operations/use-compiled-releases.yml \
-o cf-deployment/operations/openstack.yml \
--vars-store cf-vars.yml \
-v system_domain="example.com"
Option 2: use haproxy; this option does not require a load balancer resource
https://bosh.io/docs/cloud-config/
In /root/bosh-1/cf-deployment/iaas-support/openstack/cloud-config.yml,
add haproxy's private IP to your network as a static IP
- az: z1
  range: 10.0.1.0/20
  reserved: [10.0.1.2-10.0.1.50]
  gateway: 10.0.1.1
  static: [10.0.1.51]
  cloud_properties:
    net_id: ((network_id1))
    security_groups: [cf]
Unlike the load balancer option, this one needs an extra operations file, use-haproxy.yml, and the private IP used by haproxy (10.0.1.51); the IP can be any unused private IP within your network_id1 range.
bosh -e bosh-1 -d openstack-cf deploy cf-deployment/cf-deployment.yml \
--vars-store cf-vars.yml \
-v system_domain=example.com \
-v haproxy_private_ip=10.0.1.51 \
-o cf-deployment/operations/openstack.yml \
-o cf-deployment/operations/use-haproxy.yml
4. Log in to CF
cf login -a https://api.example.com --skip-ssl-validation -u admin -p `bosh int ./cf-vars.yml --path /cf_admin_password`
API endpoint: https://api.example.com
Email> admin
Password>
Authenticating...
OK
Targeted org mycloud
API endpoint: https://api.example.com (API version: 2.51.0)
User: admin
Org: mycloud
Space: No space targeted, use 'cf target -s SPACE'
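5. Deploy an application
When deploying an application, if CF needs to download dependency packages, the CF VMs must be able to reach the Internet. By default they cannot; you need to request the Huawei NAT Gateway service, add all of the network subnets to SNAT, and route Internet access through that NAT.
5.1 Create and target a space
By default an org named mycloud is created, along with a space named development. An org can contain multiple spaces, and multiple applications can be deployed in each space.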
$ cf create-space development
Creating space development in org mycloud as admin...
OK
Assigning role RoleSpaceManager to user admin in org mycloud / space development as admin...
OK
Assigning role RoleSpaceDeveloper to user admin in org mycloud / space development as admin...
OK
TIP: Use 'cf target -o "mycloud" -s "development"' to target new space
$ cf target -o "mycloud" -s "development"
api endpoint: https://api.example.com
api version: 2.51.0
user: admin
org: mycloud
space: development
5.2 Download the sample demo application
$ git clone https://github.com/cloudfoundry-samples/cf-php-demo
5.3 Edit the manifest.yml file
The domain is your own domain, the same one given when deploying CF; here it is example.com
$ cd cf-php-demo/
$ vi manifest.yml
---
applications:
- name: cf-php-demo
  memory: 128M
  instances: 1
  host: cf-php-demo
  domain: example.com
  path: .
  buildpack: https://github.com/dmikusa-pivotal/cf-php-apache-buildpack.git
5.4 Push the application
cf push myapp -b php_buildpack
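Note: if pushing the application still fails with package download errors, you can configure an overseas proxy as follows to work around the CF VMs having no Internet access. Where possible, build the application externally and then upload it.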
cf set-env myapp http_proxy "http://user:password@ip"
cf set-env myapp https_proxy "http://user:password@ip"
cf set-env myapp no_proxy "172.0.0.0/8,localhost,192.168.0.0/16,10.0.0.0/8,122.112.204.189"
The proxy settings can also be written directly into manifest.yml:
vi manifest.yml
---
applications:
- name: cf-php-demo
  memory: 128M
  instances: 1
  host: cf-php-demo
  path: .
  env:
    http_proxy: http://7.90.3.13:250
    https_proxy: http://7.90.3.38:250
    no_proxy: 172.0..,localhost,127.0.0.1,10.0..,.hwclouds-dns.com,.novalocal,.example.com