[转载]Cloudfoundry对接华为公有云部署指南

华为公有云是支持openstack接口的公有云，因此我们可以直接用原生的Cloudfoundry对接OpenStack的方案在华为云上进行CF部署。

部署架构图如下图所示，安装人员需要一台普通的VM主机（对应图中蓝色BOSH CLI），用于控制全局。这个机器就是我们用于管理整个cloudfoundry的Linux机器。该主机可以是Centos7或者Ubuntu16.4，后续我们以国内常用的Ubuntu16.4主机作为范本进行安装部署。

bosh官方对接openstack部署cf文档详见[https://bosh.io/docs/init-openstack/]

1.     准备运行环境

ECS VM

ubuntu 16.04

VPC

包括三个网络

network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a "

network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b"

network_id3="f57eec08-4e7a-4375-9783-339c937e4f22"

用作整个 Bosh 和 Cloud Foundry 的网络运行环境

Network1: 10.0.1.0/24

Private ip

10.0.1.51

Security Group

为网络环境设置访问权限

EIP

与bosh director绑定，提供公网 IP，用于登录bosh director进行后续cf的部署

160.44.206.37

ruby

2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]

bosh

bosh-cli-3.0.1-linux-amd64

Cloudfoundry cli

cf-cli_6.33.0_linux_x86-64

Directory vm

Eip: 160.44.206.37

Private ip: 10.0.1.10

如下运行环境均可以手动创建，也可以使用下面介绍的terraform工具进行自动创建

1.1.准备一台ubuntu 16.04的执行机，用以安装bosh cli和cloudfoundry cli执行部署cf的命令，以及后面部署cf成功后调用cf命令在cf上部署应用，登录这台执行机进行1.2步骤的操作

1.2.使用terraform创建安装bosh需要的公有云资源

terraform模板参考：https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/bosh-init-tf

该模板在公有云上会创建的资源如下：

VPC（1个）

Security Group（1个）

EIP（1个）

1.2.1          下载创建bosh需要的公有云资源模板

$ git clone https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates

$ cd bosh-openstack-environment-templates/bosh-init-tf/

$ ./generate_ssh_keypair.sh                         //生成bosh.pem秘钥，用于登录后续cf相关的vm机器

$ cp terraform.tfvars.template terraform.tfvars

1.2.2 配置华为云信息

修改配置文件中的值为自己公有云上的信息,如何获取？在华为云右上角点击你自己的用户名->基本信息->管理我的凭证(My Credential)中获取domain_name，project_name(也就是tenant_name)和project_id,domain_name,user_name。如果是中文没有明确的domain字样，可以点击左下角切换到英文。在华为云endpoints列表中获取AZ信息

$ vi terraform.tfvars

auth_url = "https://iam.cn-south-1.myhwclouds.com:443/v3"

domain_name = "domain_name"

user_name = "openstack_user"

password = "openstack_password"

tenant_name = "cn-south-1"

region_name = "cn-south-1"

availability_zone = "cn-south-1a"

ext_net_name = "admin_external_e"                     //在huawei公有云上该值为固定值

ext_net_id = "0a2228f2-7f8a-45f1-8e09-9039e1d09975"   //在huawei公有云上该值为固定值

# in case your OpenStack needs custom nameservers

# dns_nameservers = 8.8.8.8，100.125.4.25（your_own_system_private_ip） //如果后续cf的出口要用私有域名，那这的dns服务器地址一定要配置成私有dns服务器对应的dns ip，        //否则后面的私有域名无法解析，也就无法被访问，也就会导致登录不上

1.2.2          配置好以后下载terraform二进制执行文件，运行terraform命令创建资源

$ wget https://releases.hashicorp.com/terraform/0.10.7/terraform_0.10.7_linux_amd64.zip

$ unzip terraform_0.10.7_linux_amd64. ip

$ ./terraform init                                       //初始化terraform配

$ ./terraform apply                                      //使用terraform创建资源

...

Apply complete! Resources: 11 added, 0 changed, 0 destroyed.

Outputs:

default_key_name = bosh

default_security_groups = [bosh]

external_ip = 160.44.206.37

internal_cidr = 10.0.1.0/24

internal_gw = 10.0.1.1

internal_ip = 10.0.1.10

net_dns = [8.8.8.8]

net_id = a95cd147-689c-483a-90ca-dae8c2ed938a

router_id = bdc24a70-6a56-485e-a733-15612925759b

注： 创建成功以后要记录好回显的信息，作为后面的bosh director的创建的参数入

1.2.3          （Option）如果配置有问题，或者想清理已经创建的数据可以使用如下命令进行清理

$./terraform destroy

2.     安装bosh director

2.1 以root用户登录到第一步创建的ubuntu执行机器上

$ apt-get update

$ sudo apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3

$ ruby –v

ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]

2.2安装bosh cli

$ wget https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-3.0.1-linux-amd64

$ chmod +x bosh-cli-3.0.1-linux-amd64

$ sudo mv ~/bosh-cli-3.0.1-linux-amd64 /usr/local/bin/bosh

$ bosh -v

version 3.0.1-712bfd7-2018-03-13T23:26:43Z

Succeeded

2.3创建director，也就是刚开始部署图里面绿色方框部分

$ cd /root

$ mkdir bosh-1 && cd bosh-1

$ git clone https://github.com/cloudfoundry/bosh-deployment

// 修改虚拟机flavor类型为公有云支持的类型s2.large.2

$ vi bosh-deployment/openstack/cpi.yml

- type: replace

path: /resource_pools/name=vms/cloud_properties?

value:

instance_type: s2.large.2

availability_zone: ((az))

// 修改虚拟机flavor类型为公有云支持的类型s2.large.2、s2.large.8

$ vi bosh-deployment/openstack/cloud-config.yml

vm_types:

- name: default

cloud_properties:

instance_type: s2.large.2

- name: large

cloud_properties:

instance_type: s2.large.8

$ bosh create-env bosh-deployment/bosh.yml \

--state=state.json \

--vars-store=creds.yml \

-o bosh-deployment/openstack/cpi.yml \

-o bosh-deployment/external-ip-with-registry-not-recommended.yml \

-v director_name=bosh-1 \

-v internal_cidr=10.0.1.0/24 \

-v internal_gw=10.0.1.1 \

-v internal_ip=10.0.1.10 \

-v external_ip=160.44.206.37 \

-v auth_url=https://iam.cn-south-1.myhwclouds.com:443/v3 \

-v default_key_name=bosh \

-v default_security_groups=[bosh] \

-v net_id=a95cd147-689c-483a-90ca-dae8c2ed938a \

-v openstack_password=password \

-v openstack_username=cloud_user \

-v openstack_domain=cloud_domamin \

-v openstack_project=project_name \

-v private_key=./bosh.pem \

-v az=cn-south-1a \

-v region=cn-south-1

注:如果包下不下来，可以自己在本地下载后上传到执行机中，并把bosh-deployment/openstack/cpi.yml文件

vi bosh-deployment/openstack/cpiy l    中的相应包路径进行修改, -v state_timeout=30000

-v openstack_flavor=s2.large.2 \ 上传镜像超时设置，和创建虚拟机时候的flavor虚拟机规格设置在bosh cli

v2中也没有生效，需要手动在bosh-deployment/openstack/cpi.yml文件文档中添加或者修改

- type: replace

path: /instance_groups/name=bosh/properties/openstack?

value: &openstack

auth_url: ((auth_url))

username: ((openstack_username))

api_key: ((openstack_password))

domain: ((openstack_domain))

project: ((openstack_project))

region: ((region))

default_key_name: ((default_key_name))

default_security_groups: ((default_security_groups))

state_timeout: 30000

human_readable_vm_names: true

2.4登录bosh director

$export BOSH_ENVIRONMENT=160.44.206.37

# Configure local alias

$ bosh alias-env bosh-1 -e 119.3.21.3 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

# Log in to the Director

$ export BOSH_CLIENT=admin

$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`

$ bosh -e bosh-1 l                             //登录bosh director

Using environment '119.3.21.3'

Using environment '119.3.21.3' as client 'admin'

Logged in to '119.3.21.3'

Succeeed

$ bosh envs

登录bosh director方法2

$ bosh int creds.yml --path /jumpbox_ssh/private_key > jumpbox.key

$ chmod 600 jumpbox.key

$ ssh jumpbox@external-or-internal-ip -i jumpbox.key

3.     安装cloudfoundry

3.1 安装cf cli

$ wget -c "https://cli.run.pivotal.io/stable?release=linux64-binary&source=github" -O cf-cli_6.33.0_linux_x86-64.tgz

$ tar -xzvf cf-cli_6.33.0_linux_x86-64.tgz -C /usr/local/bin

$  cf -v

cf version 6.36.1+e3799ad7e.2018-04-04

3.2 使用cf-deployment进行部署

3.2.1再次使用terraform创建安装cf的时候需要的共有云资源

将 terraform工程 https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/cf-deployment-tf 下载到执行机上面，配置好terraform全局变量，运行如下命令创建cf所需资源

$ terraform init /cf-deployment-tf

$ terraform apply /cf-deployment-tf

创建完成后注意查看回显信息，回显信息中有下面步骤中所需要的网络信息，包括在同一个VPC下创建的三个不同网段的子网信息。

3.2.2下载cf-deployment工程

git clone https://github.com/cloudfoundry/cf-deployment.git

注：也可以下载 cf-deployment的历史版本https://github.com/cloudfoundry/cf-deployment/releases

3.2.3 修改instance_type为公有云自己的instance_type。修改文件为iaas-support/openstack/cloud-config.yml

3.2.4 上传stemcell镜像文件

cd /root/bosh-1/

wget https://s3.amazonaws.com/bosh-core-stemcells/openstack/bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz

bosh upload-stemcell bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz

3.2.5 指定cf deployment的相关配置信息，包括AZ域，子网信息为3.1创建的子网信息。

cd /root/bosh-1

bosh update-cloud-config \

-v availability_zone1="cn-south-1a" \

-v availability_zone2="cn-south-1a" \

-v availability_zone3="cn-south-1a \

-v network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a" \

-v network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b" \

-v network_id3="f57eec08-4e7a-4375-9783-339c937e4f22" \

cf-deployment/iaas-support/openstack/cloud-config.yml

3.2.6 部署cloudfoundry

方案一：以下为部署带loadbalance服务的cf方案

bosh -d cf deploy cf-deployment/cf-deployment.yml \

-o cf-deployment/operations/use-compiled-releases.yml \

-o cf-deployment/operations/openstack.yml \

--vars-store cf-vars.yml \

-v system_domain="example.com"

方案二：使用haproxy方案，该方案不用装loadbalance资源

https://bosh.io/docs/cloud-config/

在/root/bosh-1/cf-deployment/iaas-support/openstack/cloud-config.yml文件中

添加haproxy的私有ip为static ip到你的网络中

- az: z1

range: 10.0.1.0/20

reserved: [10.0.1.2-10.0.1.50]

gateway: 10.0.1.1

static: [10.0.1.51]

cloud_properties:

net_id: ((network_id1))

security_groups: [cf]

跟loadbalancer方案不一样的地方是需要添加一个配置文件use-haproxy.yml，已经haproxy用到的private ip（10.0.1.51），该ip可以是在你network id1网段以内没有使用的任意一个私有ip。

bosh -e bosh-1 -d openstack-cf deploy cf-deployment/cf-deployment.yml \

--vars-store cf-vars.yml \

-v system_domain=example.com \

-v haproxy_private_ip=10.0.1.51  \

-o cf-deployment/operations/openstack.yml \

-o cf-deployment/operations/use-haproxy.yml

4.登录cf

cf login -a https://api.example.com --skip-ssl-validation -u admin -p `bosh int ./cf-vars.yml --path /cf_admin_password`

API endpoint: https://api.example.com

Email> admin

Password>

Authenticating...

OK

Targeted org mycloud

API endpoint:   https://api.example.com (API version: 2.51.0)

User:           admin

Org:            mycloud

Space:          No space targeted, use 'cf target -s SPACE'

5 部署应用

在部署应用时，如果cf需要下载关联包，那么需要cf的vm主机能上互联网，默认主机无法上网，需要申请华为NAT网关服务，把所有网络子网全部加入到SNAT中，并统一通过该NAT上互联网

5.1 创建并指定空间

默认创建名为mycloud的组织org，以及名为development的space空间，一个org组织下可以包含多个空间，每个空间下可以部署多个应用

$ cf create-space development

Creating space development in org mycloud as admin...

OK

Assigning role RoleSpaceManager to user admin in org mycloud / space development as admin...

OK

Assigning role RoleSpaceDeveloper to user admin in org mycloud / space development as admin...

OK

TIP: Use 'cf target -o "mycloud" -s "development"' to target new space

$ cf target -o "mycloud" -s "development"

api endpoint:   https://api.example.com

api version:    2.51.0

user:           admin

org:            mycloud

space:          development

5.2 下载示例应用demo

$ git clone https://github.com/cloudfoundry-samples/cf-php-demo

5.3 修改 manifest.yml文件

其中域名为自己的域名，与部署cf时填写的域名一致，这里为example.com

$ cd cf-php-demo/

$ vi manifest.yml

---

applications:

- name: cf-php-demo

memory: 128M

instances: 1

host: cf-php-demo

domain: example.com

path: .

buildpack: https://github.com/dmikusa-pivotal/cf-php-apache-buildpack.git

5.4推送应用

cf push myapp -b php_buildpack

注：如果push应用的时候仍然报错包下载问题，可进行如下配置国外代理代理解决cf里面vm不能上网导致无法安装的问题。建议尽可能外部编译好再上传应用。

cf set-env myapp http_proxy "http://user:password@ip"

cf set-env myapp https_proxy "http://user:password@ip"

cf set-env myapp no_proxy "172.0.0.0/8,localhost,192.168.0.0/16,10.0.0.0/8,122.112.204.189"

也可以把代理配置直接写入manifest.yml文件：

vi manifest.yml

---applications:

- name: cf-php-demo

memory: 128M

instances: 1

host: cf-php-demo

path: .

env:

http_proxy: http://7.90.3.13:250

https_proxy: http://7.90.3.38:250

no_proxy: 172.0..,localhost,127.0.0.1,10.0..,.hwclouds-dns.com,.novalocal,.example.com

弹性云服务器 ECS 网络

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。