[轉載]Cloudfoundry對接華為公有云部署指南

華為公有云是支持openstack接口的公有云，因此我們可以直接用原生的Cloudfoundry對接OpenStack的方案在華為云上進行CF部署。

部署架構圖如下圖所示，安裝人員需要一臺普通的VM主機（對應圖中藍色BOSH CLI），用于控制全局。這個機器就是我們用于管理整個cloudfoundry的Linux機器。該主機可以是Centos7或者Ubuntu16.4，后續我們以國內常用的Ubuntu16.4主機作為范本進行安裝部署。

bosh官方對接openstack部署cf文檔詳見[https://bosh.io/docs/init-openstack/]

1.?????準備運行環境

ECS VM

ubuntu 16.04

VPC

包括三個網絡

network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a "

network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b"

network_id3="f57eec08-4e7a-4375-9783-339c937e4f22"

用作整個?Bosh?和?Cloud Foundry?的網絡運行環境

Network1:?10.0.1.0/24

Private ip

10.0.1.51

Security Group

為網絡環境設置訪問權限

EIP

與bosh director綁定，提供公網?IP，用于登錄bosh director進行后續cf的部署

160.44.206.37

ruby

2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]

bosh

bosh-cli-3.0.1-linux-amd64

Cloudfoundry cli

cf-cli_6.33.0_linux_x86-64

Directory vm

Eip: 160.44.206.37

Private ip: 10.0.1.10

如下運行環境均可以手動創建，也可以使用下面介紹的terraform工具進行自動創建

1.1.準備一臺ubuntu 16.04的執行機，用以安裝bosh cli和cloudfoundry cli執行部署cf的命令，以及后面部署cf成功后調用cf命令在cf上部署應用，登錄這臺執行機進行1.2步驟的操作

1.2.使用terraform創建安裝bosh需要的公有云資源

terraform模板參考：https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/bosh-init-tf

該模板在公有云上會創建的資源如下：

VPC（1個）

Security Group（1個）

EIP（1個）

1.2.1??????????下載創建bosh需要的公有云資源模板

$ git clone https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates

$ cd bosh-openstack-environment-templates/bosh-init-tf/

$ ./generate_ssh_keypair.sh???????????????????????? //生成bosh.pem秘鑰，用于登錄后續cf相關的vm機器

$ cp terraform.tfvars.template terraform.tfvars

1.2.2?配置華為云信息

修改配置文件中的值為自己公有云上的信息,如何獲取？在華為云右上角點擊你自己的用戶名->基本信息->管理我的憑證(My Credential)中獲取domain_name，project_name(也就是tenant_name)和project_id,domain_name,user_name。如果是中文沒有明確的domain字樣，可以點擊左下角切換到英文。在華為云endpoints列表中獲取AZ信息

$ vi terraform.tfvars

auth_url = "https://iam.cn-south-1.myhwclouds.com:443/v3"

domain_name = "domain_name"

user_name = "openstack_user"

password = "openstack_password"

tenant_name = "cn-south-1"

region_name = "cn-south-1"

availability_zone = "cn-south-1a"

ext_net_name = "admin_external_e"???????????????????? //在huawei公有云上該值為固定值

ext_net_id = "0a2228f2-7f8a-45f1-8e09-9039e1d09975"?? //在huawei公有云上該值為固定值

# in case your OpenStack needs custom nameservers

# dns_nameservers = 8.8.8.8，100.125.4.25（your_own_system_private_ip）?//如果后續cf的出口要用私有域名，那這的dns服務器地址一定要配置成私有dns服務器對應的dns ip，??????? //否則后面的私有域名無法解析，也就無法被訪問，也就會導致登錄不上

1.2.2??????????配置好以后下載terraform二進制執行文件，運行terraform命令創建資源

$ wget https://releases.hashicorp.com/terraform/0.10.7/terraform_0.10.7_linux_amd64.zip

$ unzip terraform_0.10.7_linux_amd64. ip

$ ./terraform init?????????????????????????????????????? //初始化terraform配

$ ./terraform apply????????????????????????????????????? //使用terraform創建資源

...

Apply complete! Resources: 11 added, 0 changed, 0 destroyed.

Outputs:

default_key_name = bosh

default_security_groups = [bosh]

external_ip = 160.44.206.37

internal_cidr = 10.0.1.0/24

internal_gw = 10.0.1.1

internal_ip = 10.0.1.10

net_dns = [8.8.8.8]

net_id = a95cd147-689c-483a-90ca-dae8c2ed938a

router_id = bdc24a70-6a56-485e-a733-15612925759b

注：?創建成功以后要記錄好回顯的信息，作為后面的bosh director的創建的參數入

1.2.3??????????（Option）如果配置有問題，或者想清理已經創建的數據可以使用如下命令進行清理

$./terraform destroy

2.?????安裝bosh director

2.1?以root用戶登錄到第一步創建的ubuntu執行機器上

$ apt-get update

$ sudo apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3

$ ruby –v

ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]

2.2安裝bosh cli

$ wget https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-3.0.1-linux-amd64

$ chmod +x bosh-cli-3.0.1-linux-amd64

$ sudo mv ~/bosh-cli-3.0.1-linux-amd64 /usr/local/bin/bosh

$ bosh -v

version 3.0.1-712bfd7-2018-03-13T23:26:43Z

Succeeded

2.3創建director，也就是剛開始部署圖里面綠色方框部分

$ cd /root

$ mkdir bosh-1 && cd bosh-1

$ git clone https://github.com/cloudfoundry/bosh-deployment

//?修改虛擬機flavor類型為公有云支持的類型s2.large.2

$ vi bosh-deployment/openstack/cpi.yml

- type: replace

path: /resource_pools/name=vms/cloud_properties?

value:

instance_type: s2.large.2

availability_zone: ((az))

//?修改虛擬機flavor類型為公有云支持的類型s2.large.2、s2.large.8

$ vi bosh-deployment/openstack/cloud-config.yml

vm_types:

- name: default

cloud_properties:

instance_type: s2.large.2

- name: large

cloud_properties:

instance_type: s2.large.8

$ bosh create-env bosh-deployment/bosh.yml \

--state=state.json \

--vars-store=creds.yml \

-o bosh-deployment/openstack/cpi.yml \

-o bosh-deployment/external-ip-with-registry-not-recommended.yml \

-v director_name=bosh-1 \

-v internal_cidr=10.0.1.0/24 \

-v internal_gw=10.0.1.1 \

-v internal_ip=10.0.1.10 \

-v external_ip=160.44.206.37 \

-v auth_url=https://iam.cn-south-1.myhwclouds.com:443/v3 \

-v default_key_name=bosh \

-v default_security_groups=[bosh] \

-v net_id=a95cd147-689c-483a-90ca-dae8c2ed938a \

-v openstack_password=password \

-v openstack_username=cloud_user \

-v openstack_domain=cloud_domamin \

-v openstack_project=project_name \

-v private_key=./bosh.pem \

-v az=cn-south-1a \

-v region=cn-south-1

注:如果包下不下來，可以自己在本地下載后上傳到執行機中，并把bosh-deployment/openstack/cpi.yml文件

vi bosh-deployment/openstack/cpiy l ? ?中的相應包路徑進行修改, -v state_timeout=30000

-v openstack_flavor=s2.large.2 \?上傳鏡像超時設置，和創建虛擬機時候的flavor虛擬機規格設置在bosh cli

v2中也沒有生效，需要手動在bosh-deployment/openstack/cpi.yml文件文檔中添加或者修改

- type: replace

path: /instance_groups/name=bosh/properties/openstack?

value: &openstack

auth_url: ((auth_url))

username: ((openstack_username))

api_key: ((openstack_password))

domain: ((openstack_domain))

project: ((openstack_project))

region: ((region))

default_key_name: ((default_key_name))

default_security_groups: ((default_security_groups))

state_timeout: 30000

human_readable_vm_names: true

2.4登錄bosh director

$export BOSH_ENVIRONMENT=160.44.206.37

# Configure local alias

$ bosh alias-env bosh-1 -e 119.3.21.3 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

# Log in to the Director

$ export BOSH_CLIENT=admin

$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`

$ bosh -e bosh-1 l???????????????????????????? //登錄bosh director

Using environment '119.3.21.3'

Using environment '119.3.21.3' as client 'admin'

Logged in to '119.3.21.3'

Succeeed

$ bosh envs

登錄bosh director方法2

$ bosh int creds.yml --path /jumpbox_ssh/private_key > jumpbox.key

$ chmod 600 jumpbox.key

$ ssh jumpbox@external-or-internal-ip -i jumpbox.key

3.?????安裝cloudfoundry

3.1?安裝cf cli

$ wget -c "https://cli.run.pivotal.io/stable?release=linux64-binary&source=github" -O cf-cli_6.33.0_linux_x86-64.tgz

$ tar -xzvf cf-cli_6.33.0_linux_x86-64.tgz -C /usr/local/bin

$? cf -v

cf version 6.36.1+e3799ad7e.2018-04-04

3.2?使用cf-deployment進行部署

3.2.1再次使用terraform創建安裝cf的時候需要的共有云資源

將?terraform工程?https://github.com/cloudfoundry-incubator/bosh-openstack-environment-templates/tree/master/cf-deployment-tf?下載到執行機上面，配置好terraform全局變量，運行如下命令創建cf所需資源

$ terraform init /cf-deployment-tf

$ terraform apply /cf-deployment-tf

創建完成后注意查看回顯信息，回顯信息中有下面步驟中所需要的網絡信息，包括在同一個VPC下創建的三個不同網段的子網信息。

3.2.2下載cf-deployment工程

git clone https://github.com/cloudfoundry/cf-deployment.git

注：也可以下載?cf-deployment的歷史版本https://github.com/cloudfoundry/cf-deployment/releases

3.2.3?修改instance_type為公有云自己的instance_type。修改文件為iaas-support/openstack/cloud-config.yml

3.2.4?上傳stemcell鏡像文件

cd /root/bosh-1/

wget https://s3.amazonaws.com/bosh-core-stemcells/openstack/bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz

bosh upload-stemcell bosh-stemcell-3541.10-openstack-kvm-ubuntu-trusty-go_agent.tgz

3.2.5?指定cf deployment的相關配置信息，包括AZ域，子網信息為3.1創建的子網信息。

cd /root/bosh-1

bosh update-cloud-config \

-v availability_zone1="cn-south-1a" \

-v availability_zone2="cn-south-1a" \

-v availability_zone3="cn-south-1a \

-v network_id1="a95cd147-689c-483a-90ca-dae8c2ed938a" \

-v network_id2="2acd71a7-4cdc-4472-a3f4-86438ad2521b" \

-v network_id3="f57eec08-4e7a-4375-9783-339c937e4f22" \

cf-deployment/iaas-support/openstack/cloud-config.yml

3.2.6?部署cloudfoundry

方案一：以下為部署帶loadbalance服務的cf方案

bosh -d cf deploy cf-deployment/cf-deployment.yml \

-o cf-deployment/operations/use-compiled-releases.yml \

-o cf-deployment/operations/openstack.yml \

--vars-store cf-vars.yml \

-v system_domain="example.com"

方案二：使用haproxy方案，該方案不用裝loadbalance資源

https://bosh.io/docs/cloud-config/

在/root/bosh-1/cf-deployment/iaas-support/openstack/cloud-config.yml文件中

添加haproxy的私有ip為static ip到你的網絡中

- az: z1

range: 10.0.1.0/20

reserved: [10.0.1.2-10.0.1.50]

gateway: 10.0.1.1

static: [10.0.1.51]

cloud_properties:

net_id: ((network_id1))

security_groups: [cf]

跟loadbalancer方案不一樣的地方是需要添加一個配置文件use-haproxy.yml，已經haproxy用到的private ip（10.0.1.51），該ip可以是在你network id1網段以內沒有使用的任意一個私有ip。

bosh -e bosh-1 -d openstack-cf deploy cf-deployment/cf-deployment.yml \

--vars-store cf-vars.yml \

-v system_domain=example.com \

-v haproxy_private_ip=10.0.1.51? \

-o cf-deployment/operations/openstack.yml \

-o cf-deployment/operations/use-haproxy.yml

4.登錄cf

cf login -a https://api.example.com --skip-ssl-validation -u admin -p `bosh int ./cf-vars.yml --path /cf_admin_password`

API endpoint: https://api.example.com

Email> admin

Password>

Authenticating...

OK

Targeted org mycloud

API endpoint:?? https://api.example.com (API version: 2.51.0)

User:?????????? admin

Org:??????????? mycloud

Space:????????? No space targeted, use 'cf target -s SPACE'

5?部署應用

在部署應用時，如果cf需要下載關聯包，那么需要cf的vm主機能上互聯網，默認主機無法上網，需要申請華為NAT網關服務，把所有網絡子網全部加入到SNAT中，并統一通過該NAT上互聯網

5.1?創建并指定空間

默認創建名為mycloud的組織org，以及名為development的space空間，一個org組織下可以包含多個空間，每個空間下可以部署多個應用

$ cf create-space development

Creating space development in org mycloud as admin...

OK

Assigning role RoleSpaceManager to user admin in org mycloud / space development as admin...

OK

Assigning role RoleSpaceDeveloper to user admin in org mycloud / space development as admin...

OK

TIP: Use 'cf target -o "mycloud" -s "development"' to target new space

$ cf target -o "mycloud" -s "development"

api endpoint:?? https://api.example.com

api version:??? 2.51.0

user:?????????? admin

org:??????????? mycloud

space:????? ????development

5.2?下載示例應用demo

$ git clone https://github.com/cloudfoundry-samples/cf-php-demo

5.3?修改?manifest.yml文件

其中域名為自己的域名，與部署cf時填寫的域名一致，這里為example.com

$ cd cf-php-demo/

$ vi manifest.yml

---

applications:

- name: cf-php-demo

memory: 128M

instances: 1

host: cf-php-demo

domain: example.com

path: .

buildpack: https://github.com/dmikusa-pivotal/cf-php-apache-buildpack.git

5.4推送應用

cf push myapp -b php_buildpack

注：如果push應用的時候仍然報錯包下載問題，可進行如下配置國外代理代理解決cf里面vm不能上網導致無法安裝的問題。建議盡可能外部編譯好再上傳應用。

cf set-env myapp http_proxy "http://user:password@ip"

cf set-env myapp https_proxy "http://user:password@ip"

cf set-env myapp no_proxy "172.0.0.0/8,localhost,192.168.0.0/16,10.0.0.0/8,122.112.204.189"

也可以把代理配置直接寫入manifest.yml文件：

vi manifest.yml

---applications:

- name: cf-php-demo

memory: 128M

instances: 1

host: cf-php-demo

path: .

env:

http_proxy: http://7.90.3.13:250

https_proxy: http://7.90.3.38:250

no_proxy: 172.0..,localhost,127.0.0.1,10.0..,.hwclouds-dns.com,.novalocal,.example.com

彈性云服務器 ECS 網絡

版權聲明：本文內容由網絡用戶投稿，版權歸原作者所有，本站不擁有其著作權，亦不承擔相應法律責任。如果您發現本站中有涉嫌抄襲或描述失實的內容，請聯系我們jiasou666@gmail.com 處理，核實后本網站將在24小時內刪除侵權內容。