上一篇:构建基于openEuler2209的OpenStack云平台(十一)
12 安装和配置Telemetry数据采集服务 (Ceilometer)
Ceilometer服务提供以下功能:
- 高效地轮询与OpenStack服务相关的计量数据。
- 通过监视从服务发送的通知来收集事件和计数数据。
- 将收集的数据发布到各种目标,包括数据存储和消息队列。
12.1 安装和配置控制节点服务
本节要求已经成功部署了一个OpenStack环境,其中至少安装了nova、glance和Identity服务组件。
12.1.1 安装和配置Ceilometer
1、先决条件
在安装和配置Telemetry服务之前,必须配置要向其发送计量数据的目标,建议的端点是Gnocchi。
(1)获取管理员凭证
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc (2)创建服务凭证
- 创建ceilometer用户
[root@xgk-ctl ~]# openstack user create --domain default --password-prompt ceilometer
User Password: #设置ceilometer用户的密码,比如CEILOMETER_PASS
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 456e41db404c490ab02ef0b3c8432e7c |
| name | ceilometer |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+- 为ceilometer用户添加管理员角色
[root@xgk-ctl ~]# openstack role add --project service --user ceilometer admin
- 创建ceilometer服务
[root@xgk-ctl ~]# openstack service create --name ceilometer --description "Telemetry" metering
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Telemetry |
| enabled | True |
| id | 3002eced3ab14228a6b7500e34be7cc3 |
| name | ceilometer |
| type | metering |
+-------------+----------------------------------+
(3)在Keystone中注册Gnocchi服务
- 创建gnocchi用户
[root@xgk-ctl ~]# openstack user create --domain default --password-prompt gnocchi
User Password: #设置gnocchi用户的密码,比如GNOCCHI_PASS
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 737c570765aa42a1935d2faca0f142f7 |
| name | gnocchi |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+- 创建gnocchi服务实体
[root@xgk-ctl ~]# openstack service create --name gnocchi --description "Metric Service" metric
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Metric Service |
| enabled | True |
| id | bc4013649da848d0b22da53654550d23 |
| name | gnocchi |
| type | metric |
+-------------+----------------------------------+
- 为gnocchi用户添加管理员角色
[root@xgk-ctl ~]# openstack role add --project service --user gnocchi admin
- 创建Metric服务API端点
创建public端点
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne metric public http://xgk-ctl:8041
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4feacedd6e3e4aaeb5a0df343a321083 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bc4013649da848d0b22da53654550d23 |
| service_name | gnocchi |
| service_type | metric |
| url | http://xgk-ctl:8041 |
+--------------+----------------------------------+
创建internal端点
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne metric internal http://xgk-ctl:8041
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5bc00405f8fd4305805e608ed1212a85 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bc4013649da848d0b22da53654550d23 |
| service_name | gnocchi |
| service_type | metric |
| url | http://xgk-ctl:8041 |
+--------------+----------------------------------+
创建admin端点
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne metric admin http://xgk-ctl:8041
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7145892172ac4a16a3890fc6511a1bf7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bc4013649da848d0b22da53654550d23 |
| service_name | gnocchi |
| service_type | metric |
| url | http://xgk-ctl:8041 |
+--------------+----------------------------------+
2、安装Gnocchi
(1)安装Gnocchi软件包
[root@xgk-ctl ~]# dnf -y install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient(2)为Gnocchi的索引器创建数据库,并授予权限
[root@xgk-ctl ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5754
Server version: 10.5.16-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE gnocchi;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit;
Bye
(3)编辑/etc/gnocchi/gnocchi.conf配置文件
[root@xgk-ctl ~]# cp -a /etc/gnocchi/gnocchi.conf{,.bak}
[root@xgk-ctl ~]# grep -Ev '^$|#' /etc/gnocchi/gnocchi.conf.bak > /etc/gnocchi/gnocchi.conf
[root@xgk-ctl ~]# vim /etc/gnocchi/gnocchi.conf
……此处省略文件中无需修改的内容……
[DEFAULT]
#coordination_url不是必需的,但指定一个将通过更好的工作负载分配来提高性能,要求先配置好redis服务。
coordination_url = redis://xgk-ctl:6379
#配置gnocchi以使用keystone
[api]
auth_mode = keystone
port = 8041
uwsgi_mode = http-socket
#配置keystone身份验证
[keystone_authtoken]
auth_type = password
auth_url = http://xgk-ctl:5000/v3
project_domain_name = Default
user_domain_name = Default
project_name = service
username = gnocchi
password = GNOCCHI_PASS
interface = internalURL
region_name = RegionOne
#配置数据库访问
[indexer]
url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@xgk-ctl/gnocchi
#配置存储metric数据的位置
[storage]
file_basepath = /var/lib/gnocchi
driver = file附:在控制节点配置redis过程如下:
[root@xgk-ctl ~]# dnf -y install redis
[root@xgk-ctl ~]# vim /etc/redis.conf
……此处省略文件原有内容,将bind=127.0.0.1改成控制节点的IP地址……
bind 192.168.18.200
[root@xgk-ctl ~]# systemctl enable redis
[root@xgk-ctl ~]# systemctl start redis
[root@xgk-ctl ~]# netstat -nltp | grep 6379
tcp 0 0 192.168.18.200:6379 0.0.0.0:* LISTEN 4309/redis-server 2 (4)初始化Gnocchi
[root@xgk-ctl ~]# gnocchi-upgrade
2023-02-15 22:16:26,122 [230304] INFO gnocchi.service: Gnocchi version 4.4.1
2023-02-15 22:16:26,737 [230304] INFO gnocchi.cli.manage: Upgrading indexer SQLAlchemyIndexer: mysql+pymysql://***:***@xgk-ctl/gnocchi
2023-02-15 22:16:26,848 [230304] WARNING py.warnings: /usr/lib/python3.10/site-packages/pymysql/cursors.py:170: Warning: (1280, "Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
2023-02-15 22:16:26,872 [230304] WARNING py.warnings: /usr/lib/python3.10/site-packages/gnocchi/indexer/sqlalchemy.py:361: SAWarning: relationship 'ResourceHistory.metrics' will copy column resource_history.id to column metric.resource_id, which conflicts with relationship(s): 'Metric.resource' (copies resource.id to metric.resource_id), 'Resource.metrics' (copies resource.id to metric.resource_id). If this is not the intention, consider if these relationships should be linked with back_populates, or if viewonly=True should be applied to one or more if they are read-only. For the less common case that foreign key constraints are partially overlapping, the orm.foreign() annotation can be used to isolate the columns that should be written towards. To silence this warning, add the parameter 'overlaps="metrics,resource"' to the 'ResourceHistory.metrics' relationship. (Background on this error at: https://sqlalche.me/e/14/qzyx)
ResourceType(
2023-02-15 22:16:26,877 [230304] INFO gnocchi.cli.manage: Upgrading storage FileStorage: /var/lib/gnocchi
2023-02-15 22:16:26,878 [230304] INFO gnocchi.cli.manage: Upgrading incoming storage FileStorage: /var/lib/gnocchi
3、完成Gnocchi安装
[root@xgk-ctl ~]# systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service
[root@xgk-ctl ~]# systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service
4、安装和配置组件
(1)安装Ceilometer软件包
[root@xgk-ctl ~]# dnf -y install openstack-ceilometer-notification openstack-ceilometer-central(2)编辑/etc/ceilometer/pipeline.yaml文件,配置Gnocchi连接
[root@xgk-ctl ~]# /etc/ceilometer/pipeline.yaml
……此处省略文件原有内容……
sinks:
- name: meter_sink
publishers:
- gnocchi://?filter_project=service&archive_policy=low
(3)编辑/etc/ceilometer/ceilometer.conf文件
[root@xgk-ctl ~]# cp -a /etc/ceilometer/ceilometer.conf{,.bak}
[root@xgk-ctl ~]# grep -Ev '^$|#' /etc/ceilometer/ceilometer.conf.bak > /etc/ceilometer/ceilometer.conf
[root@xgk-ctl ~]# vim /etc/ceilometer/ceilometer.conf
……此处省略文件中无需修改的内容……
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@xgk-ctl
[service_credentials]
auth_type = password
auth_url = http://xgk-ctl:5000/v3
project_domain_id = default
user_domain_id = default
project_name = service
username = ceilometer
password = CEILOMETER_PASS
interface = internalURL
region_name = RegionOne(4)初始化数据库,在Gnocchi创建Ceilometer资源,执行该步操作时,应确保Gnocchi正在运行。
[root@xgk-ctl ~]# gnocchi status
+-----------------------------------------------------+-------+
| Field | Value |
+-----------------------------------------------------+-------+
| metricd/processors | None |
| storage/number of metric having measures to process | 0 |
| storage/total number of measures to process | 0 |
+-----------------------------------------------------+-------+
[root@xgk-ctl ~]# ceilometer-upgrade
5、完成安装
[root@xgk-ctl ~]# systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service
[root@xgk-ctl ~]# systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service12.1.2 配置Cinder服务
本节操作在块存储节点上完成。
1、 编辑/etc/cinder/cinder.conf配置文件,以使用Telemetry
[root@xgk-blkn1 ~]# vim /etc/cinder/cinder.conf
……此处省略文件无需修改的内容……
[oslo_messaging_notifications]
driver = messagingv22、启用与块存储相关的定期使用统计信息
可以使用crontab服务,周期性地统计信息,以下示例为每5分钟统计一次信息。
[root@xgk-blkn1 ~]# crontab -e
*/5 * * * * /path/to/cinder-volume-usage-audit --send_actions
也可以按以下格式执行命令统计某个时间段内的信息:
cinder-volume-usage-audit --start_time='YYYY-MM-DD HH:MM:SS' --end_time='YYYY-MM-DD HH:MM:SS' --send_actions
示例如下:
[root@xgk-blkn1 ~]# cinder-volume-usage-audit --start_time='2023-02-10 21:41:00' --end_time='2023-03-01 00:00:00' --send_actions3、完成配置
(1)在控制节点上执行以下命令重启服务
[root@xgk-ctl ~]# systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service(1)在块存储节点上执行以下命令重启openstack-cinder-volume.service
[root@xgk-blkn1 ~]# systemctl restart openstack-cinder-volume.service
12.1.3 配置glance服务
此节操作在控制节点上完成。
1、编辑/etc/glance/glance-api.conf 配置文件,以使用Telemetry
[root@xgk-ctl ~]# vim /etc/glance/glance-api.conf
……此处省略文件原有内容……
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@xgk-ctl
[oslo_messaging_notifications]
driver = messagingv22、完成配置
[root@xgk-ctl ~]# systemctl restart openstack-glance-api.service12.1.4 配置Heat服务
此节操作在控制节点上完成。
1、配置 /etc/heat/heat.conf文件,以使用Telemetry
在[oslo_messaging_notifications]节,启动notifications
[root@xgk-ctl ~]# vim /etc/heat/heat.conf
[oslo_messaging_notifications]
driver = messagingv22、完成配置
[root@xgk-ctl ~]# systemctl restart openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
12.1.5 配置Neutron服务
此节操作在控制节点上完成。
1、编辑/etc/neutron/neutron.conf配置文件,以使用Telemetry
在[oslo_messaging_notifications]节,启动notifications
[root@xgk-ctl ~]# vim /etc/neutron/neutron.conf
[oslo_messaging_notifications]
driver = messagingv22、完成配置
[root@xgk-ctl ~]# systemctl restart neutron-server.service
12.1.6 配置swift服务
此节操作在控制节点上完成,要求OpenStack已安装对象存储服务。
Telemetry 使用轮询和通知的组合来收集Object Storage meters。
1、先决条件
Telemetry 服务需要使用ResellerAdmin角色访问对象存储服务。执行以下命令创建ResellerAdmin角色,并为ceilometer 用户添加ResellerAdmin角色。
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc
[root@xgk-ctl ~]# openstack role create ResellerAdmin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | db55044cec3342d2adc1cd15a20aa6c3 |
| name | ResellerAdmin |
| options | {} |
+-------------+----------------------------------+
[root@xgk-ctl ~]# openstack role add --project service --user ceilometer ResellerAdmin
2、安装组件
[root@xgk-ctl ~]# pip install ceilometermiddleware3、编辑/etc/swift/proxy-server.conf配置
在[filter:keystoneauth]节,添加以下内容
[root@xgk-ctl ~]# vim /etc/swift/proxy-server.conf
[filter:keystoneauth]
……此处省略文件原有内容……
operator_roles = admin, user, ResellerAdmin
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging ceilometer proxy-server
[filter:ceilometer]
paste.filter_factory = ceilometermiddleware.swift:filter_factory
control_exchange = swift
url = rabbit://openstack:RABBIT_PASS@xgk-ctl:5672/
driver = messagingv2
topic = notifications
log_level = WARN4、完成配置
[root@xgk-ctl ~]# systemctl restart openstack-swift-proxy.service
12.1.7 配置keystone服务
为了实现对API请求的审计,Keystone提供了中间件,该中间件捕获对服务的API请求并向Ceilometer发送数据。
Keystone中间件库提供了一个可选的WSGI中间件过滤器,它允许审计OpenStack每个组件的API请求。
审计中间件过滤器利用环境变量构建CADF事件。
1、执行以下命令安装中间件及其依赖包
[root@xgk-ctl ~]# pip install keystonemiddleware
[root@xgk-ctl ~]# pip install keystonemiddleware[audit_notifications]2、启用审核中间件
要启用审核,应安装oslo.messaging。如果没有,中间件将记录审计事件。通过编辑项目的api-paste.ini文件以包含以下筛选器定义,为特定项目启用审核。比如要审计nova服务,则编辑/etc/nova/api-paste.ini。
示例如下:
[root@xgk-ctl ~]# vim /etc/nova/api-paste.ini
……此处省略文件原有内容……
……将以下节作为第一个以filter开头的节……
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/nova/api_audit_map.conf
过滤器应包含在Keystone中间件的auth_token中间件之后,以便它可以利用auth_toke设置的环境变量。以下是使用Nova的WSGI管道的示例:
[composite:openstack_compute_api_v2]
use = call:nova.api.auth:pipeline_factory
noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
keystone = faultwrap sizelimit authtoken keystonecontext ratelimit audit osapi_compute_app_v2
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext audit osapi_compute_app_v23、配置中间件
为了正确审计api请求,审计中间件需要定义api_audit_map.conf。项目对应的api_audit_map.conf文件包含在pyCADF库中。应通过将路径添加到筛选器定义的“audit_map_file”选项来明确指定映射文件的位置,比如上面的nova服务,定义的api_audit_map.conf文件位置为/etc/nova/api_audit_map.conf
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/nova/api_audit_map.conf
#以下可以设置其他选项:
service_name = test # opt to set HTTP_X_SERVICE_NAME environ variable
ignore_req_list = GET,POST # opt to ignore specific requests审计中间件可以配置为使用自己的独占通知驱动程序和主题值。当服务已经在使用oslo消息传递通知并希望使用不同的驱动程序进行审核时,这可能很有用。例如,服务已通过“messagingv2”将现有通知发送到队列,并希望通过“log”驱动程序将审核通知发送到日志文件。示例如下:
[audit_middleware_notifications]
driver = log当审计事件通过“messagingv2”或“消息传递”发送时,如果其传输URL需要与服务自身的消息传递设置不同,中间件可以指定传输URL。从服务配置中定义的oslo消息部分读取其他与传输相关的设置,例如“oslo_messaging_rabbit”。示例如下:
[audit_middleware_notifications]
driver = messaging
transport_url = rabbit://user2:passwd@host:5672/another_virtual_host12.2 安装和配置计算节点服务
本节操作在计算节点上完成。
12.2.1 安装和配置组件
1、安装软件包
[root@xgk-cpt ~]# dnf -y install openstack-ceilometer-compute openstack-ceilometer-ipmi
2、编辑/etc/ceilometer/ceilometer.conf配置文件
[root@xgk-cpt ~]# cp -a /etc/ceilometer/ceilometer.conf{,.bak}
[root@xgk-cpt ~]# grep -Ev '^$|#' /etc/ceilometer/ceilometer.conf.bak > /etc/ceilometer/ceilometer.conf
[root@xgk-cpt ~]# vim /etc/ceilometer/ceilometer.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@xgk-ctl
[service_credentials]
auth_url = http://xgk-ctl:5000
project_domain_id = default
user_domain_id = default
auth_type = password
username = ceilometer
project_name = service
password = CEILOMETER_PASS
interface = internalURL
region_name = RegionOne12.2.2 配置计算以使用Telemetry
1、编辑/etc/nova/nova.conf配置文件
[root@xgk-cpt ~]# vim /etc/nova/nova.conf
[DEFAULT]
……此处省略文件原有内容……
instance_usage_audit = True
instance_usage_audit_period = hour
[notifications]
notify_on_state_change = vm_and_task_state
[oslo_messaging_notifications]
driver = messagingv22、编辑/etc/ceilometer/polling.yaml文件
[root@xgk-cpt ~]# vim /etc/ceilometer/polling.yaml
……此处省略文件原有内容,注意上下- name要严格对齐……
- name: ipmi
interval: 300
meters:
- hardware.ipmi.temperature12.2.3 完成配置
[root@xgk-cpt ~]# systemctl enable openstack-ceilometer-compute.service openstack-ceilometer-ipmi.service
[root@xgk-cpt ~]# systemctl start openstack-ceilometer-compute.service openstack-ceilometer-ipmi.service
[root@xgk-cpt ~]# systemctl restart openstack-nova-compute.service
12.3 验证
本节操作在控制节点上完成。
下面使用Gnocchi验证数据。或者,可以通过添加meter_dispatchers=file或file://publisher将数据临时发布到文件后端。
1、获取admin凭证
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc2、列出可用资源及其metrics
Resource:是gnocchi对openstack监控数据的一个大体的划分,比如虚拟机的磁盘的所有监控资源作为一个resource,可用命令gnocchi resource list查看
Metric:是gnocchi对openstack监控数据的第二层划分,归属于resource,代表一个较具体的资源,比如cpu值,可用命令gnocchi metric list查看
Measure:是gnocchi对openstack监控数据的第三层划分,归属于metric,表示在某个时间戳对应资源的值,可用命令gnocchi measures show metric_id
[root@xgk-ctl ~]# gnocchi resource list --type image
[root@xgk-ctl ~]# gnocchi resource show a6b387e1-4276-43db-b17a-e10f649d85a3
3、从image服务下载CirrOS镜像
[root@xgk-ctl ~]# IMAGE_ID=$(glance image-list | grep 'cirros' | awk '{ print $2 }')
[root@xgk-ctl ~]# glance image-download $IMAGE_ID > /tmp/cirros.img4、再次列出可用的metrics,以验证镜像下载的检测
gnocchi measures show 839afa02-1668-4922-a33e-6b6ea77807155、删除前面下载的镜像文件/tmp/cirros.img
[root@xgk-ctl ~]# rm /tmp/cirros.img
1200
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
