openstack-12补充
openstack-12补充
配额 优化 虚拟机动态调整 自动部署
quota相关配置
查看当前配额
[root@controller1 ~]# neutron quota-show admin
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| floatingip | 50 |
| network | 100 |
| port | 500 |
| rbac_policy | 10 |
| router | 10 |
| security_group | 10 |
| security_group_rule | 100 |
| subnet | 100 |
| subnetpool | -1 |
+---------------------+-------+
web端修改项目配额
查看openstack配置文件是否开启配额限制
vim /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_quotas': True,
...
选择一个项目对配额进行修改
修改控制端
neutron.conf
[quotas]
quota_network = 10
quota_subnet = 10
quota_port = 5000
quota_driver = neutron.db.quota.driver.DbQuotaDriver
quota_router = 10
quota_floatingip = 1000
quota_security_group = 10
quota_security_group_rule = 100
systemctl restart openstack-nova-api.service neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
修改计算节点
[quotas]
quota_network = 10
quota_subnet = 10
quota_port = 5000
quota_driver = neutron.db.quota.driver.DbQuotaDriver
quota_router = 10
quota_floatingip = 1000
quota_security_group = 10
quota_security_group_rule = 100
systemctl restart neutron-linuxbridge-agent
openstack相关优化
配置虚拟机自启动
控制端和计算节点的/etc/nova/nova.conf 进行以下配置:
resume_guests_state_on_host_boot=true
配置 CPU 超限使用:
默认为 16,即允许开启 16 倍于物理 CPU 的虚拟 CPU 个数。
cpu_allocation_ratio=16
配置内存超限使用:
配置允许 1.2 倍于物理内存的虚拟内存(在LINUX系统下内存满了系统会自动杀掉占用内存最大的进程)
ram_allocation_ratio=1.2
配置硬盘超限使用:
磁盘尽量不要超限,可能会导致数据出现丢失
disk_allocation_ratio=1.0
配置保留磁盘空间:
即会预留一部分磁盘空间给系统使用
reserved_host_disk_mb=20480
配置预留内存给系统使用:
预留一定的内存给系统使用
reserved_host_memory_mb=4096
实现实例CPU、内存与磁盘动态调整
#yum install python-pip
#pip install --upgrade pip
openstack核心优化配置
[root@node ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.10.254
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
max_allowed_packet = 500M
wait_timeout=2880000
interactive_timeout = 2880000
net_read_timeout = 600
net_write_timeout = 600
配置虚拟机类型动态调整
实现虚拟机跨宿主机漂移
vim /etc/nova/nova.conf
allow_resize_to_same_host=true
baremetal_enabled_filters=RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
各计算节点配置 nova 用户:
将 shell 改为/bin/bash
# usermod nova -s /bin/bash
配置 nova 登录密码(xxxx 为占位符;以 echo 明文方式设置会把密码留在 shell 历史记录中,操作后应清理或改用交互式 passwd):
# echo xxxx | passwd --stdin nova
切换至 nova 用户生成密钥对(密钥类型为 rsa,文件名沿用 id_dsa;-P '' 表示私钥不设口令):
bash-4.2$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
然后将公钥相互 copy 至各个计算节点:
bash-4.2$ ssh-copy-id -i .ssh/id_dsa.pub nova@x.x.x.x
bash-4.2$ ssh 10.20.119.25 #必须确认可以正常登录到对端节点
脚本部署openstack
install-openstack-computer
install-openstack-computer
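#!/bin/bash
# Provision this host as an OpenStack compute node: install the local yum
# repo definitions, apply the bundled limits/sysctl/profile files, install
# nova-compute and the neutron linuxbridge agent, unpack their configuration
# tarballs, start the services and schedule a reboot.
#
# Run as root from the directory that holds yum.tar.gz, nova-computer.tar.gz,
# neutron-computer.tar.gz, limits.conf, sysctl.conf and profile.
# The script overwrites /etc/yum.repos.d/*, /etc/security/limits.conf,
# /etc/sysctl.conf and /etc/profile.
#
# NOTE(review): the config tarballs presumably carry service credentials
# (nova.conf / neutron configuration) — keep them readable by root only and
# confirm their origin before unpacking them into /etc as root.

DIR=$(pwd)
NOVA_FILE="nova-computer.tar.gz"
NEUTRON_FILE="neutron-computer.tar.gz"
YUM_FILE="yum.tar.gz"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Verify every input before anything destructive happens: without this, a
# missing tarball still wipes /etc/yum.repos.d, and a missing source file
# truncates /etc/profile, limits.conf or sysctl.conf to zero bytes.
for required in "${YUM_FILE}" "${NOVA_FILE}" "${NEUTRON_FILE}" \
  limits.conf sysctl.conf profile; do
  [[ -f "${DIR}/${required}" ]] || die "missing required file: ${DIR}/${required}"
done

echo "配置本地yum源"
rm -rf -- /etc/yum.repos.d/*
tar xvf "${DIR}/${YUM_FILE}" -C /etc/yum.repos.d/
# NOTE(review): rdo-release.rpm is fetched unpinned from the network and then
# the Ocata release package is installed on top — confirm both resolve to the
# intended release and that the repos enforce GPG checking.
yum install -y https://rdoproject.org/repos/rdo-release.rpm
yum install -y centos-release-openstack-ocata
echo "yum源设置完成,开始安装基础命令、nova和neutron服务" && sleep 1

echo "配置内核参数和系统优化" && sleep 1
# cat-with-redirect (not cp) keeps the owner and mode of the existing targets.
cat "${DIR}/limits.conf" > /etc/security/limits.conf
cat "${DIR}/sysctl.conf" > /etc/sysctl.conf
cat "${DIR}/profile" > /etc/profile

echo "系统优化完成,开始安装基础命令" && sleep 1
yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop ntpdate

echo "安装nova服务" && sleep 1
yum install openstack-nova-compute -y

# The original called "sleep" with no operand here, which only printed an error.
echo "安装neutron 服务" && sleep 1
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

echo "与ntp服务器同步系统时间" && sleep 1
/usr/sbin/ntpdate time3.aliyun.com && hwclock --systohc
echo "当前系统时间,$(date "+%Y年%m月%d日 %H点%M分%S秒")"

echo "设置时间定时同步" && sleep 1
# The subshell makes the redirection cover ntpdate as well as hwclock; the
# grep guard keeps repeated runs from appending duplicate cron entries.
CRON_JOB="*/30 * * * * (/usr/sbin/ntpdate time3.aliyun.com && hwclock --systohc) > /dev/null 2>&1"
if ! grep -qxF -- "${CRON_JOB}" /var/spool/cron/root 2>/dev/null; then
  printf '%s\n' "${CRON_JOB}" >> /var/spool/cron/root
fi
systemctl restart crond

echo "nova配置文件" && sleep 1
tar xvf "${DIR}/${NOVA_FILE}" -C /etc/nova/

echo "替换nova配置文件中IP地址" && sleep 1
# First "inet" line of bond0, second field (same selection as grep | head | awk).
HOST_IP=$(ifconfig bond0 | awk '/inet/ {print $2; exit}')
# An empty value would blank vncserver_proxyclient_address in nova.conf.
[[ -n "${HOST_IP}" ]] || die "could not determine an address on bond0; nova.conf left unchanged"
echo "当前计算节点服务器IP为 ${HOST_IP},即将写入nova配置文件" && sleep 1
# Dots are escaped so only the literal template address is replaced.
sed -i "s/vncserver_proxyclient_address = 192\.168\.10\.203/vncserver_proxyclient_address = ${HOST_IP}/g" /etc/nova/nova.conf

echo "启动nova服务"
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
echo "启动nova服务启动完成!" && sleep 1

echo "neutron服务配置" && sleep 1
tar xvf "${DIR}/${NEUTRON_FILE}" -C /etc/neutron/

echo "启动neutron服务"
systemctl start openstack-nova-compute.service neutron-linuxbridge-agent.service
systemctl enable openstack-nova-compute.service neutron-linuxbridge-agent.service

echo "计算节点安装完成,请查看相关日志或在OpenStack 管理界面确认计算服务是否自动添加"
# Reboot so the new kernel parameters and limits take effect.
shutdown -r +1 "系统将在1分钟后成重启,以让内核参数和优化参数生效"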
文件
sysctl.conf
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
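# Disable netfilter on bridges. With these set to 0, iptables/ip6tables/arptables
# rules are not applied to bridged traffic, so iptables-based security groups
# on this host will not filter instance traffic.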
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maximum size of a message queue
kernel.msgmnb = 65536
# # Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# # Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# TCP kernel parameter
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
# socket buffer
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 20480
net.core.optmem_max = 81920
# TCP conn
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
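# tcp conn reuse (note: tcp_tw_recycle is known to drop connections from clients behind NAT and was removed in Linux 4.12)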
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_timestamps = 1 #?
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
# keepalive conn
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 10001 65000
# swap
vm.overcommit_memory = 0
vm.swappiness = 10
#net.ipv4.conf.eth1.rp_filter = 0
#net.ipv4.conf.lo.arp_ignore = 1
#net.ipv4.conf.lo.arp_announce = 2
#net.ipv4.conf.all.arp_ignore = 1
#net.ipv4.conf.all.arp_announce = 2
limits.conf
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
neutron-computer.tar nova-computer.tar yum.tar
nova neutron相关的配置可参考之前的笔记
补充:因虚拟机资源不够用,以下两项步骤没有操作
1、实现haproxy+keepalived服务架构访问及关闭安全组
2、实现LVS-DR模式
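#!/bin/sh
# LVS DR-mode initialisation script for a real server.
#
# Usage: $0 {start|stop}
#   start  bind the virtual IP to lo:0 with a host (/32) netmask, add a host
#          route for it, and set arp_ignore=1 / arp_announce=2 on "lo" and
#          "all".
#   stop   take lo:0 down, delete the host route and reset the four ARP
#          settings to 0.
# Needs root: it reconfigures interfaces, routes and /proc/sys.
LVS_VIP=192.168.10.88

# "." rather than "source": the shebang is /bin/sh and "source" is a bash
# extension that a strictly POSIX sh does not provide.
. /etc/rc.d/init.d/functions

case "$1" in
  start)
    /sbin/ifconfig lo:0 "$LVS_VIP" netmask 255.255.255.255 broadcast "$LVS_VIP"
    /sbin/route add -host "$LVS_VIP" dev lo:0
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # NOTE(review): sysctl -p re-applies /etc/sysctl.conf; if that file sets
    # arp_ignore/arp_announce it overrides the values written just above.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del "$LVS_VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0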