How to Integrate oVirt with Tungsten Fabric



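  • Author: Tatsuya Naganawa; Translator: TF Chinese Community

    oVirt is a free, open-source, enterprise-grade virtualization solution. It is built on KVM (and integrates open-source software such as libvirt, Gluster, PatternFly and Ansible) and provides powerful open-source virtualization capabilities.
    This article walks through the process of integrating oVirt with Tungsten Fabric.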
    

    Versions used

    ovirt 4.2.6.4-1.el7
    tungsten-fabric r5.0.1
    centos7.5
    Editor's note: this article was written in November 2018; please update to the latest versions.

    Setting up oVirt

    oVirt installation documentation
    https://ovirt.org/documentation/quickstart/quickstart-guide/

    All virtual machines come from centos7 libvirt.

    The libvirt networks are as follows:
    default, 192.168.122.0/24, nat
    192_168_130_0, 192.168.130.0/24, isolated

    The nodes are as follows:
    ovirt-manager: centos161, 192.168.122.161 default
    ovirt-node: centos162, 192.168.122.162, 192.168.130.162, default, 192_168_130_0
    ovirt-node: centos163, 192.168.122.163, 192.168.130.163, default, 192_168_130_0
    contrail-controller: centos164, 192.168.122.164, 192.168.130.164: default, 192_168_130_0

    • 4vcpu, 8GB mem (24GB for contrail-controller), 48GB disk

    oVirt settings

          --== CONFIGURATION PREVIEW ==--
    
          Application mode                        : both
          Default SAN wipe after delete           : False
          Firewall manager                        : firewalld
          Update Firewall                         : True
          Host FQDN                               : centos161
          Configure local Engine database         : True
          Set application as default page         : True
          Configure Apache SSL                    : True
          Engine database secured connection      : False
          Engine database user name               : engine
          Engine database name                    : engine
          Engine database host                    : localhost
          Engine database port                    : 5432
          Engine database host name validation    : False
          Engine installation                     : True
          PKI organization                        : Test
          Set up ovirt-provider-ovn               : True
          Configure WebSocket Proxy               : True
          DWH installation                        : True
          DWH database host                       : localhost
          DWH database port                       : 5432
          Configure local DWH database            : True
          Configure Image I/O Proxy               : True
          Configure VMConsole Proxy               : True
    
          Please confirm installation settings (OK, Cancel) [OK]:
    

    Node setup

    1. Add two hosts and one NFS data domain.

    Note: the CPU type ("cpu-model") must be specified.

    2. Import the cirros image from ovirt glance.

    3. Create cirros VMs on both hosts and check that they run correctly.

    Installing Tungsten Fabric

    Use Tungsten Fabric release r5.0.1
    https://hub.docker.com/u/tungstenfabric/

    together with ansible-deployer to install OpenStack neutron / keystone
    https://github.com/Juniper/contrail-ansible-deployer/wiki/Contrail-with-Openstack-Kolla

    • instance.yaml
    provider_config:
      bms:
        ssh_pwd: root
        ssh_user: root
        domainsuffix: local
        ntpserver: 0.centos.pool.ntp.org
    instances:
      bms1:
        provider: bms
        ip: 192.168.122.164
        roles:
          config_database:
          config:
          control:
          analytics_database:
          analytics:
          webui:
          openstack:
      bms11:
        provider: bms
        ip: 192.168.122.162
        roles:
          vrouter:
            PHYSICAL_INTERFACE: eth1
            VROUTER_GATEWAY: 192.168.130.1
          openstack_compute:
      bms12:
        provider: bms
        ip: 192.168.122.163
        roles:
          vrouter:
            PHYSICAL_INTERFACE: eth1
            VROUTER_GATEWAY: 192.168.130.1
          openstack_compute:
    contrail_configuration:
      RABBITMQ_NODE_PORT: 5673
      AUTH_MODE: keystone
      KEYSTONE_AUTH_URL_VERSION: /v3
      CONTRAIL_VERSION: r5.0.1
    kolla_config:
      kolla_globals:
        enable_haproxy: no
        enable_swift: no
      kolla_passwords:
        keystone_admin_password: contrail123
    global_configuration:
      CONTAINER_REGISTRY: tungstenfabric
    

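    For the ovirt-nodes, the "vrouter" and "nova_compute" roles must be specified.

    PHYSICAL_INTERFACE and VROUTER_GATEWAY must also be set explicitly so that the vrouter uses eth1 (a different NIC from ovirtmgmt).

    Stop nova_compute, nova_libvirt

    Because vdsm uses the libvirt port, nova_libvirt has to be stopped.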

    # docker stop nova_compute nova_libvirt
    # docker rm nova_compute nova_libvirt
    # reboot
    

    Create the OpenStack virtual network

    Enter the following commands to create a virtual network on Tungsten Fabric.

    # source /etc/kolla/kolla-toolbox/admin-openrc.sh
    # openstack network create vn1
    # openstack subnet create --subnet-range 10.0.1.0/24 --network vn1 subnet1
    

    Set up the oVirt neutron provider

    Create the Tungsten Fabric provider with the following parameters.

    Name: tungsten-fabric
    Network Plugin: LINUX_BRIDGE
    Provider URL: http://192.168.122.164:9696
    Read-Only: Checked
    Requires Authentication: Checked
    Username: admin
    Password: contrail123
    Tenant Name: admin
    Authentication URL: http://192.168.122.164:35357/v2.0
    

    Import the virtual network from Tungsten Fabric

    Add the vdsm hook

    The hook file is located at the following path:
    /usr/libexec/vdsm/hooks/after_device_create/60_tungsten-fabric

    • Note: tf_controller_ip must be supplied at deployment time
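    #!/usr/bin/python
    import os
    import subprocess

    import requests

    # Address of the Tungsten Fabric config API; set this for your deployment.
    tf_controller_ip = '192.168.122.164'
    # vdsm passes the vNIC UUID to the hook through the environment.
    vnic_id = os.environ['vnic_id']

    # Look up the virtual-machine-interface object that belongs to this vNIC.
    resp = requests.get('http://{}:8082/virtual-machine-interface/{}'.format(tf_controller_ip, vnic_id))
    js = resp.json()['virtual-machine-interface']
    mac_addr = js['virtual_machine_interface_mac_addresses']['mac_address'][0]
    vm_id = js['virtual_machine_refs'][0]['to'][0]
    vn_id = js['virtual_network_refs'][0]['uuid']

    # Register the tap device with the vrouter. The arguments are passed as a
    # list, without a shell, so values taken from the environment or from the
    # API response are never interpreted as shell syntax.
    cmd = ['/var/lib/docker/volumes/opt_plugin/_data/bin/vrouter-port-control',
           '--oper=add', '--uuid={}'.format(vnic_id),
           '--instance_uuid={}'.format(vm_id), '--vn_uuid={}'.format(vn_id),
           '--vm_name=', '--ip_address=0.0.0.0', '--ipv6_address=None',
           '--tap_name=tap{}'.format(vnic_id[:11]), '--mac={}'.format(mac_addr),
           '--rx_vlan_id=-1', '--tx_vlan_id=-1']

    subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()

    • Then make the hook executable and set the permissions on the Docker volumes directory: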
    # chmod 755 /usr/libexec/vdsm/hooks/after_device_create/60_tungsten-fabric
    # chmod 755 /var/lib/docker/volumes/
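
    An added example, not part of the original article or of the oVirt or Tungsten Fabric projects: the hook hands `vnic_id` and fields from the config API response to `vrouter-port-control`, so this code checks that they are shaped like UUIDs and a MAC address before building the argument list. The function names, the sample IDs, and the assumption that `virtual_machine_refs[0]['to'][0]` is a UUID are this example's own.

```python
import re
import uuid

# Path taken from the hook on this page.
PORT_CONTROL = "/var/lib/docker/volumes/opt_plugin/_data/bin/vrouter-port-control"
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}\Z")

# Constructed sample data: only the MAC and the "ec01038d-44" prefix (from the
# tap device name) come from the output shown on this page.
SAMPLE_VNIC_ID = "ec01038d-4411-4c2a-9d3e-0123456789ab"
SAMPLE_VMI = {
    "virtual_machine_interface_mac_addresses": {"mac_address": ["00:1a:4a:16:01:05"]},
    "virtual_machine_refs": [{"to": ["5b2f0c1e-7a64-4d0b-8f3a-aabbccddeeff"]}],
    "virtual_network_refs": [{"uuid": "0f9d8c7b-6a5e-4f3d-a2b1-112233445566"}],
}


def canonical_uuid(value, field):
    """Return value as a canonical lower-case UUID string, or raise ValueError."""
    try:
        return str(uuid.UUID(str(value)))
    except ValueError:
        raise ValueError("{} is not a UUID: {!r}".format(field, value))


def build_port_add_argv(vnic_id, vmi):
    """Build the vrouter-port-control argv from a 'virtual-machine-interface' dict.

    Raises ValueError when a field is missing or does not look like a UUID/MAC.
    """
    vnic = canonical_uuid(vnic_id, "vnic_id")
    try:
        mac = str(vmi["virtual_machine_interface_mac_addresses"]["mac_address"][0]).lower()
        vm_id = vmi["virtual_machine_refs"][0]["to"][0]
        vn_id = vmi["virtual_network_refs"][0]["uuid"]
    except (KeyError, IndexError, TypeError):
        raise ValueError("VMI object is missing a required field")
    if not MAC_RE.match(mac):
        raise ValueError("bad MAC address: {!r}".format(mac))
    return [
        PORT_CONTROL, "--oper=add",
        "--uuid=" + vnic,
        "--instance_uuid=" + canonical_uuid(vm_id, "virtual_machine_refs"),
        "--vn_uuid=" + canonical_uuid(vn_id, "virtual_network_refs"),
        "--vm_name=", "--ip_address=0.0.0.0", "--ipv6_address=None",
        "--tap_name=tap" + vnic[:11],
        "--mac=" + mac, "--rx_vlan_id=-1", "--tx_vlan_id=-1",
    ]
```

    In the hook, the returned list can be passed directly to `subprocess`; a `ValueError` means the port should not be registered.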
    

    Create a VM and attach its vNIC to the TF virtual network

    Log in to cirros and check that ping works:

    # ping 10.0.1.1 # gw-ip  
    # ping 10.0.1.2 # service-ip  
    # ping (cirros ip on different ovirt node)
    
    [root@centos163 ~]# ip -o a
    1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
    1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
    21: ovirtmgmt    inet 192.168.122.163/24 brd 192.168.122.255 scope global ovirtmgmt\       valid_lft forever preferred_lft forever
    21: ovirtmgmt    inet6 fe80::5054:ff:fe7b:b7ac/64 scope link \       valid_lft forever preferred_lft forever
    25: vhost0    inet 192.168.130.163/24 brd 192.168.130.255 scope global vhost0\      valid_lft forever preferred_lft forever
    25: vhost0    inet6 fe80::5054:ff:fecf:54be/64 scope link \       valid_lft forever preferred_lft forever
    26: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\      valid_lft forever preferred_lft forever
    27: genev_sys_6081    inet6 fe80::c8b:b5ff:fe21:bbed/64 scope link \       valid_lft forever preferred_lft forever
    28: pkt0    inet6 fe80::f806:bcff:fe7d:fe28/64 scope link \       valid_lft forever preferred_lft forever
    30: tapec01038d-44    inet6 fe80::fc1a:4aff:fe16:105/64 scope link \       valid_lft forever preferred_lft forever
    [root@centos163 ~]#
    [root@centos163 ~]# ip route
    default via 192.168.122.1 dev ovirtmgmt
    169.254.0.0/16 dev ovirtmgmt scope link metric 1021
    169.254.0.3 dev vhost0 proto 109 scope link
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
    192.168.122.0/24 dev ovirtmgmt proto kernel scope link src 192.168.122.163
    192.168.130.0/24 dev vhost0 proto kernel scope link src 192.168.130.163
    [root@centos163 ~]#
    [root@centos163 ~]# ssh cirros@169.254.0.3
    The authenticity of host '169.254.0.3 (169.254.0.3)' can't be established.
    ECDSA key fingerprint is SHA256:HVJoTV0MGH9/T8bIw0aofzX7rCAphKDgts36YAXxpoo.
    ECDSA key fingerprint is MD5:03:55:f1:dd:53:ed:c9:87:62:fd:e6:3a:bb:59:aa:cc.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '169.254.0.3' (ECDSA) to the list of known hosts.
    cirros@169.254.0.3's password:
    $
    $ ip -o a
    1: lo:  mtu 65536 qdisc noqueue qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
    1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
    2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000\    link/ether 00:1a:4a:16:01:05 brd ff:ff:ff:ff:ff:ff
    2: eth0    inet 10.0.1.4/24 brd 10.0.1.255 scope global eth0\       valid_lft forever preferred_lft forever
    2: eth0    inet6 fe80::21a:4aff:fe16:105/64 scope link \       valid_lft forever preferred_lft forever
    $
    $ ping 10.0.1.3
    PING 10.0.1.3 (10.0.1.3): 56 data bytes
    64 bytes from 10.0.1.3: seq=0 ttl=64 time=2.855 ms
    64 bytes from 10.0.1.3: seq=1 ttl=64 time=1.852 ms
    ^C
    --- 10.0.1.3 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 1.852/2.353/2.855 ms
    $
    $ ssh 10.0.1.3
    
    Host '10.0.1.3' is not in the trusted hosts file.
    (ecdsa-sha2-nistp521 fingerprint md5 5f:61:d0:f8:c3:c2:aa:8d:07:95:29:b4:52:aa:06:77)
    Do you want to continue connecting? (y/n) y
    cirros@10.0.1.3's password:
    $
    $ ip -o a
    1: lo:  mtu 65536 qdisc noqueue qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
    1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
    2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000\    link/ether 00:1a:4a:16:01:04 brd ff:ff:ff:ff:ff:ff
    2: eth0    inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0\       valid_lft forever preferred_lft forever
    2: eth0    inet6 fe80::21a:4aff:fe16:104/64 scope link \       valid_lft forever preferred_lft forever
    $
    

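    With the steps above, we have completed the integrated deployment of oVirt and Tungsten Fabric. If you have further questions, please contact the TF Chinese Community.

    Original article: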
    https://github.com/tnaganawa/ovirt-tungstenfabric-integration

