Ironic Bare Metal Management
Author: Internet
Ironic – Bare Metal Provisioning
Ironic is an OpenStack project which provisions bare metal (as opposed to virtual) machines. It may be used independently or as part of an OpenStack Cloud, and integrates with the OpenStack Identity (keystone), Compute (nova), Network (neutron), Image (glance), and Object (swift) services.
The Bare Metal service manages hardware through both common (e.g. PXE and IPMI) and vendor-specific remote management protocols. It provides the cloud operator with a unified interface to a heterogeneous fleet of servers while also providing the Compute service with an interface that allows physical servers to be managed as though they were virtual machines.
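Official documentation: https://docs.openstack.org/ironic/latest/
Ironic provides OpenStack with a management service for bare metal (physical servers with no operating system installed). Ironic lets users manage bare metal infrastructure the same way they manage virtual machines, and offers an ideal foundation for hosting high-performance cloud applications and architectures, including popular container orchestration frameworks such as Kubernetes. Ironic fundamentally addresses the problem of managing infrastructure at scale. In particular, it provides a production-proven way to manage the full lifecycle of bare metal hardware. Ironic offers many conveniences to the cloud architects and administrators who manage bare metal instances. Ironic supports automated deployment across the whole server infrastructure lifecycle, including updates and decommissioning. When used as a driver for OpenStack Nova, it gives end users a bare metal cloud infrastructure with multi-tenant networking. With its standard API, broad driver support and lightweight footprint, Ironic is well suited as the management engine for a variety of bare metal infrastructure scenarios; as the newly developed bare metal operations for Kubernetes demonstrate, these capabilities make Ironic applicable to use cases ranging from small edge deployments to large data centers.
Ironic works together with base components such as Nova, Cinder and Neutron so that deploying bare metal is as simple as deploying a virtual machine. Deploying bare metal in OpenStack means users can operate the hardware directly and deploy application workloads (images) onto real physical machines, rather than being limited to running on top of a hypervisor. Ironic relies mainly on PXE and IPMI to implement batch deployment and system control of bare metal, so most general-purpose physical server models can have their operating system installed and their power state managed through Ironic. For particular physical server models, a matching driver can be developed quickly thanks to Ironic's pluggable driver architecture.
- Keystone: provides authentication and authorization services.
- Glance: provides image and metadata registration services.
- Nova: acts as Ironic's scheduling and management layer.
- Ironic: provides the bare metal management service.
- Neutron: provides networking services.
- Cinder: provides block storage services.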
Others:
- the OpenStack Telemetry module (ceilometer) for consuming the IPMI metrics
- the OpenStack Object Storage (swift) provides temporary storage for the configdrive, user images, deployment logs and inspection data.
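Use cases
- Rapid deployment of cloud infrastructure
- Providing high-performance computing clusters
- Providing database hosting
- Higher resource isolation and reliability
- Managing accelerator hardware that cannot be virtualized
- Compute services that need direct access to hardware
In short, Ironic mainly solves two problems:
- Bare metal self-service: giving users self-service access to bare metal machines
- Automated OpenStack deployment: automatically discovering bare metal machines, installing operating systems, and configuring infrastructure services
Deployment modes
- Integrated into OpenStack (Nova, Mogan): Ironic as the OpenStack Nova driver for a multi-tenant bare metal cloud.
- Ironic Standalone (Bifrost): Ironic on its own as an independent, lightweight bare metal management platform.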
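Architecture
Service processes:
- ironic-api: Ironic's northbound RESTful API.
- ironic-conductor: does the vast majority of the bare metal management work, such as adding, editing and deleting bare metal nodes; powering them on and off; and provisioning, deploying and cleaning them.
- DB: the database.
- MQ: the message queue.
Internal components:
- Drivers: the modules that actually interact with the physical devices. ironic-conductor can load different drivers to operate different models of physical servers or hardware.
- ironic-inspector: automates in-band data collection for bare metal nodes during the Inspection phase.
- ironic-python-agent: a Python service running in a temporary ramdisk. It accepts remote access from ironic-conductor and ironic-inspector and carries out in-band operations and hardware introspection on the bare metal node.
Peripheral components:
- ramdisk: a bare metal machine with no operating system installed loads the ramdisk into memory through a specific bootable mechanism; the ramdisk provides the runtime environment for ironic-python-agent. It is generated with diskimage-builder.
- diskimage-builder: used to build images and ramdisks.
- python-ironicclient: the command-line (CLI) tool.
- ironic-ui: the Horizon dashboard plugin.
- bifrost: a collection of Ansible playbooks that automate the deployment of standalone Ironic.
Note: network management comes in two modes, out-of-band and in-band.
- Out-of-band management: management and control traffic is carried on a different logical channel from the service traffic of the user network. It means using a dedicated management channel for device maintenance, which lets system administrators remotely monitor and manage servers and other network devices whether or not those devices are powered on.
- In-band management: management and control traffic is carried on the same logical channel as the service traffic of the user network. It means managing devices over the regular data channel (e.g. Ethernet). The obvious limitation of in-band management is that it is affected when the managed device is attacked or damaged. To remotely manage failed network servers and routers, administrators need to be able to reach them over the network, but if the network itself fails, those devices cannot be managed remotely. Out-of-band management removes this limitation by deploying a management channel that is physically isolated from the data channel.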
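Underlying technologies
PXE & iPXE
PXE (Preboot Execute Environment) uses a client/server architecture that lets a client download an image from a remote server over the network and thereby boot an operating system over the network. During boot, the client asks the server to assign an IP address, then uses TFTP (Trivial File Transfer Protocol) or MTFTP (Multicast Trivial File Transfer Protocol) to download a boot package into local memory and execute it. This boot package performs the client's basic software setup and then boots the client operating system that is pre-installed on the server. iPXE is an extended version of PXE that supports more protocols, has better compatibility and is not picky about network cards. It supports HTTP and can boot over HTTP, iSCSI SAN, FC SAN and so on. iPXE's official website: http://ipxe.org/
Example steps of a PXE network installation:
- The client first needs an IP address to connect to the network, which requires a DHCP server on the network.
- The client needs to obtain the system boot files.
- The PXE server tells the TFTP server the client's IP.
- The TFTP server sends the files needed for booting to the client, for example pxelinux.0 (essentially Grub), vmlinuz (the kernel) and initrd (the initial RAM disk).
- The client boots Grub first and then loads the other two files to boot the system.
- During operating system installation, the client's hostname can be set through a reverse lookup on the DNS server; if none is set, it defaults to localhost.localdomain.
- The Kickstart unattended-installation service can be enabled to deploy servers in batches.
Related protocols: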
- Dynamic Host Configuration Protocol (DHCP): DHCP is a standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. Using PXE, the BIOS uses DHCP to obtain an IP address for the network interface and to locate the server that stores the network bootstrap program (NBP).
- Network Bootstrap Program (NBP): NBP is equivalent to GRUB (GRand Unified Bootloader) or LILO (LInux LOader) - loaders which are traditionally used in local booting. Like the boot program in a hard drive environment, the NBP is responsible for loading the OS kernel into memory so that the OS can be bootstrapped over a network.
- Trivial File Transfer Protocol (TFTP): TFTP is a simple file transfer protocol that is generally used for automated transfer of configuration or boot files between machines in a local environment. In a PXE environment, TFTP is used to download NBP over the network using information from the DHCP server.
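IPMI
IPMI (Intelligent Platform Management Interface) is a standard for the design of out-of-band server management systems: a means of controlling a server's power through dedicated hardware rather than through the operating system's network connection. IPMI works across operating systems, firmware and hardware platforms, and can intelligently monitor, control and report on a server's operation (e.g. remote power on and off) and health (e.g. temperature, voltage, fan status, power supply status). IPMI's autonomy overcomes the limits of earlier operating-system-based management: power control, information retrieval and similar operations still work when the operating system is unresponsive or not loaded.
The core of IPMI is the BMC (Baseboard Management Controller). The BMC is usually a separate card installed on the server motherboard. It does not depend on the server's processor, BIOS or operating system, which makes it highly independent: an agentless management subsystem that runs on its own inside the system. The BMC communicates with the sensors on the motherboard to watch for critical events, and raises alerts and logs events when parameters exceed their preset thresholds. All IPMI functions are carried out by sending commands (defined in the IPMI specification) to the BMC. The BMC receives event messages and records them in the system event log, and maintains the sensor data records that describe the sensors in the system.
When remote access to the system's text console is needed, IPMI's SOL (Serial Over LAN) feature is key. SOL redirects the IPMI session to the local serial interface, allowing remote access to the Windows Emergency Management Services (EMS) Special Administration Console (SAC) or to the Linux serial console. The BMC does this by redirecting serial port data over the LAN, which provides a vendor-independent, standard way to remotely view the OS boot loader or the emergency management console in order to diagnose and repair faults. IPMI even allows components to be configured during the operating system boot phase.
The BMC provides the following functions:
- Access through the system's serial port
- Fault logging and sending SNMP alerts
- Access to the system event log and sensor status
- Remote power on and off
- Operation independent of system power or working state
- Text console redirection for system setup, text-based utilities and the operating system console
ipmitool usage examples:
- Change the server's boot device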
ipmitool -I lan -H <server_ip> -U root -P passwd chassis bootdev pxe
ipmitool -I lan -H <server_ip> -U root -P passwd chassis bootdev disk
ipmitool -I lan -H <server_ip> -U root -P passwd chassis bootdev cdrom
- Server power management
# Hard power off: cut the power immediately
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power off
# Soft power off, the same as briefly pressing the power button
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power soft
# Hard power on
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power on
# Hard reset
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power reset
# power off, wait 1s, power on
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power cycle
# Get the current power state
ipmitool -I lan -H <server_ip> -U root -P passwd chassis power status
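The commands above pass the BMC password with -P, so it ends up in shell history and can be visible in process listings, and -I lan selects the IPMI v1.5 LAN interface. The wrapper below is an added example, not part of the original article: it uses ipmitool's -I lanplus (IPMI v2.0 / RMCP+) and -f password-file options and refuses a password file that group or others can read. The names ipmi_safe, pwfile_is_private and IPMI_DRY_RUN, and the sample host and user, are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): keep the BMC password off
# the ipmitool command line. ipmi_safe, pwfile_is_private and IPMI_DRY_RUN
# are hypothetical names; host, user and secret below are constructed.

# pwfile_is_private FILE -> succeeds only if FILE is a regular file with no
# group/other permission bits set (for example mode 0600 or 0400).
pwfile_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# ipmi_safe HOST USER PWFILE SUBCOMMAND...
#   -I lanplus : IPMI v2.0 / RMCP+ session instead of the v1.5 "lan" interface
#   -f PWFILE  : ipmitool reads the password from a file instead of -P on argv
ipmi_safe() {
    if [ "$#" -lt 4 ]; then
        echo "usage: ipmi_safe HOST USER PWFILE SUBCOMMAND..." >&2
        return 2
    fi
    local host="$1" user="$2" pwfile="$3"
    shift 3
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing: $pwfile must exist and be mode 0600 or stricter" >&2
        return 1
    fi
    set -- ipmitool -I lanplus -H "$host" -U "$user" -f "$pwfile" "$@"
    if [ "${IPMI_DRY_RUN:-0}" = 1 ]; then
        echo "$*"    # show what would run; it contains a path, not the secret
    else
        "$@"
    fi
}

# Demonstration with a constructed password file (dry run, no BMC contacted).
demo() {
    local pw
    pw=$(mktemp) || return 1
    chmod 600 "$pw"
    printf '%s\n' 'constructed-sample-secret' > "$pw"
    IPMI_DRY_RUN=1 ipmi_safe 192.0.2.10 admin "$pw" chassis power status
    rm -f -- "$pw"
}
demo
```

ipmitool also accepts -E, which reads the password from the IPMI_PASSWORD environment variable, when a file on disk is not wanted.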
Trying out Ironic quickly with Devstack
Download Devstack:
git clone https://git.openstack.org/openstack-dev/devstack.git -b stable/stein
sudo ./devstack/tools/create-stack-user.sh
sudo su - stack
Configure local.conf:
[[local|localrc]]
HOST_IP=192.168.1.100
# Use TryStack(99cloud) git mirror
GIT_BASE=http://git.trystack.cn
#GIT_BASE=https://git.openstack.org
# Reclone each time
RECLONE=no
# Enable Logging
DEST=/opt/stack
LOGFILE=$DEST/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=True
SCREEN_LOGDIR=$DEST/logs
LOGDAYS=1
# Define images to be automatically downloaded during the DevStack built process.
DOWNLOAD_DEFAULT_IMAGES=False
IMAGE_URLS="http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
# use TryStack git mirror
GIT_BASE=http://git.trystack.cn
NOVNC_REPO=http://git.trystack.cn/kanaka/noVNC.git
SPICE_REPO=http://git.trystack.cn/git/spice/spice-html5.git
# Apache Frontend
ENABLE_HTTPD_MOD_WSGI_SERVICES=False
# IP Version
IP_VERSION=4
# Credentials
ADMIN_PASSWORD=password
DATABASE_PASSWORD=password
RABBIT_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
SWIFT_HASH=password
SWIFT_TEMPURL_KEY=password
# Enable Ironic plugin
enable_plugin ironic https://git.openstack.org/openstack/ironic stable/stein
# Disable nova novnc service, ironic does not support it anyway.
disable_service n-novnc
# Enable Swift for the direct deploy interface.
enable_service s-proxy
enable_service s-object
enable_service s-container
enable_service s-account
# Cinder
VOLUME_GROUP_NAME="stack-volumes"
VOLUME_NAME_PREFIX="volume-"
VOLUME_BACKING_FILE_SIZE=100G
# Neutron
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
# By default, DevStack creates a 10.0.0.0/24 network for instances.
# If this overlaps with the hosts network, you may adjust with the
# following.
NETWORK_GATEWAY=10.1.0.1
FIXED_RANGE=10.1.0.0/24
FIXED_NETWORK_SIZE=256
# Swift temp URL's are required for the direct deploy interface
SWIFT_ENABLE_TEMPURLS=True
# Create 3 virtual machines to pose as Ironic's baremetal nodes.
IRONIC_VM_COUNT=3
IRONIC_BAREMETAL_BASIC_OPS=True
DEFAULT_INSTANCE_TYPE=baremetal
# Enable additional hardware types, if needed.
#IRONIC_ENABLED_HARDWARE_TYPES=ipmi,fake-hardware
# Don't forget that many hardware types require enabling of additional
# interfaces, most often power and management:
#IRONIC_ENABLED_MANAGEMENT_INTERFACES=ipmitool,fake
#IRONIC_ENABLED_POWER_INTERFACES=ipmitool,fake
# The 'ipmi' hardware type's default deploy interface is 'iscsi'.
# This would change the default to 'direct':
#IRONIC_DEFAULT_DEPLOY_INTERFACE=direct
# Change this to alter the default driver for nodes created by devstack.
# This driver should be in the enabled list above.
IRONIC_DEPLOY_DRIVER=ipmi
# The parameters below represent the minimum possible values to create
# functional nodes.
IRONIC_VM_SPECS_RAM=1280
IRONIC_VM_SPECS_DISK=10
# Size of the ephemeral partition in GB. Use 0 for no ephemeral partition.
IRONIC_VM_EPHEMERAL_DISK=0
# To build your own IPA ramdisk from source, set this to True
IRONIC_BUILD_DEPLOY_RAMDISK=False
VIRT_DRIVER=ironic
# Log all output to files
LOGFILE=/opt/stack/devstack.log
LOGDIR=/opt/stack/logs
IRONIC_VM_LOG_DIR=/opt/stack/ironic-bm-logs
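The local.conf above sets every credential to the literal string password and fetches code and images over plain http:// mirrors, which is only reasonable on an isolated, throwaway test host. The following check is an added example, not part of the original article or of DevStack: it flags placeholder or reused secrets and plaintext URLs in a local.conf before stack.sh is run. The function names and finding labels are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit a DevStack local.conf
# for placeholder or reused secrets and plaintext-HTTP sources.
# Function names and finding labels are hypothetical.

# audit_localconf FILE   (use "-" to read stdin); prints one finding per line.
audit_localconf() {
    awk '
        /^[ \t]*#/ || !/=/ { next }        # skip comments and non-assignments
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        }
        key ~ /(PASSWORD|TOKEN|HASH|KEY)$/ {
            if (val == "" || tolower(val) ~ /^(password|passwd|secret|admin|changeme)$/)
                print "WEAK_SECRET " key
            else if (val in seen)
                print "REUSED_SECRET " key " (same value as " seen[val] ")"
            else
                seen[val] = key
        }
        # Code and images fetched over http:// can be altered in transit.
        val ~ /^http:\/\// { print "PLAINTEXT_URL " key }
    ' "$1"
}

# gen_secret: 32 hex characters from the kernel CSPRNG; call once per credential.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Constructed excerpt that reuses values shown in the local.conf above.
sample_localconf() {
    cat <<'EOF'
[[local|localrc]]
GIT_BASE=http://git.trystack.cn
#GIT_BASE=https://git.openstack.org
IMAGE_URLS="http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
ADMIN_PASSWORD=password
DATABASE_PASSWORD=password
SWIFT_TEMPURL_KEY=password
IRONIC_VM_COUNT=3
EOF
}

sample_localconf | audit_localconf -
```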
Service status check:
[root@localhost ~]# openstack compute service list
+----+------------------+-----------------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-----------------------+----------+---------+-------+----------------------------+
| 3 | nova-scheduler | localhost.localdomain | internal | enabled | up | 2019-05-03T18:56:18.000000 |
| 6 | nova-consoleauth | localhost.localdomain | internal | enabled | up | 2019-05-03T18:56:22.000000 |
| 7 | nova-conductor | localhost.localdomain | internal | enabled | up | 2019-05-03T18:56:14.000000 |
| 1 | nova-conductor | localhost.localdomain | internal | enabled | up | 2019-05-03T18:56:15.000000 |
| 3 | nova-compute | localhost.localdomain | nova | enabled | up | 2019-05-03T18:56:18.000000 |
+----+------------------+-----------------------+----------+---------+-------+----------------------------+
[root@localhost ~]# openstack network agent list
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| 52f23bda-a645-4459-bcac-686d98d23345 | Open vSwitch agent | localhost.localdomain | None | :-) | UP | neutron-openvswitch-agent |
| 7113312f-b0b7-4ce8-ab15-428768b30855 | L3 agent | localhost.localdomain | nova | :-) | UP | neutron-l3-agent |
| a45fb074-3b24-4b9e-8c8a-43117f6195f2 | Metadata agent | localhost.localdomain | None | :-) | UP | neutron-metadata-agent |
| f207648b-03f3-4161-872e-5210f29099c6 | DHCP agent | localhost.localdomain | nova | :-) | UP | neutron-dhcp-agent |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
[root@localhost ~]# openstack volume service list
+------------------+-----------------------------------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+-----------------------------------+------+---------+-------+----------------------------+
| cinder-scheduler | localhost.localdomain | nova | enabled | up | 2019-05-03T18:56:54.000000 |
| cinder-volume | localhost.localdomain@lvmdriver-1 | nova | enabled | up | 2019-05-03T18:56:53.000000 |
+------------------+-----------------------------------+------+---------+-------+----------------------------+
[root@localhost ~]# openstack baremetal node list
+--------------------------------------+--------+---------------+-------------+--------------------+-------------+
| UUID | Name | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+--------+---------------+-------------+--------------------+-------------+
| adda54fb-1038-4634-8d82-53922e875a1f | node-0 | None | power off | available | False |
| 6952e923-11ae-4506-b010-fd7a3c4278f5 | node-1 | None | power off | available | False |
| f3b8fe69-a840-42dd-9cbf-217be8a95431 | node-2 | None | power off | available | False |
+--------------------------------------+--------+---------------+-------------+--------------------+-------------+
[root@localhost ~]# openstack server create --flavor baremetal --image cirros-0.4.0-x86_64-disk --key-name default --nic net-id=5c86f931-64da-4c69-a0f1-e2da6d9dd082 VM1
+-------------------------------------+-----------------------------------------------------------------+
| Field | Value |
+-------------------------------------+-----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | k3TgBf5Xjsqv |
| config_drive | |
| created | 2019-05-03T20:26:28Z |
| flavor | baremetal (8f6fd22b-9bec-4b4d-b427-7c333e47d2c2) |
| hostId | |
| id | 70e9f2b1-a292-4e95-90d4-55864bb0a71d |
| image | cirros-0.4.0-x86_64-disk (4ff12aca-b762-436c-b98c-579ad2a21649) |
| key_name | default |
| name | VM1 |
| progress | 0 |
| project_id | cbf936fc5e9d4cfcaa1dbc06cd9d2e3e |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2019-05-03T20:26:28Z |
| user_id | 405fad83a4b3470faf7d6c616fe9f7f4 |
| volumes_attached | |
+-------------------------------------+-----------------------------------------------------------------+
[root@localhost ~]# openstack baremetal node list
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
| UUID | Name | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
| adda54fb-1038-4634-8d82-53922e875a1f | node-0 | None | power off | available | False |
| 6952e923-11ae-4506-b010-fd7a3c4278f5 | node-1 | None | power off | available | False |
| f3b8fe69-a840-42dd-9cbf-217be8a95431 | node-2 | 70e9f2b1-a292-4e95-90d4-55864bb0a71d | power off | deploying | False |
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
[root@localhost ~]# openstack server list --long
+--------------------------------------+------+--------+------------+-------------+-------------------+--------------------------+--------------------------------------+-------------+--------------------------------------+-------------------+-----------------------+------------+
| ID | Name | Status | Task State | Power State | Networks | Image Name | Image ID | Flavor Name | Flavor ID | Availability Zone | Host | Properties |
+--------------------------------------+------+--------+------------+-------------+-------------------+--------------------------+--------------------------------------+-------------+--------------------------------------+-------------------+-----------------------+------------+
| 70e9f2b1-a292-4e95-90d4-55864bb0a71d | VM1 | ACTIVE | None | Running | private=10.0.0.40 | cirros-0.4.0-x86_64-disk | 4ff12aca-b762-436c-b98c-579ad2a21649 | baremetal | 8f6fd22b-9bec-4b4d-b427-7c333e47d2c2 | nova | localhost.localdomain | |
+--------------------------------------+------+--------+------------+-------------+-------------------+--------------------------+--------------------------------------+-------------+--------------------------------------+-------------------+-----------------------+------------+
[root@localhost ~]# openstack baremetal node list
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
| UUID | Name | Instance UUID | Power State | Provisioning State | Maintenance |
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
| adda54fb-1038-4634-8d82-53922e875a1f | node-0 | None | power off | available | False |
| 6952e923-11ae-4506-b010-fd7a3c4278f5 | node-1 | None | power off | available | False |
| f3b8fe69-a840-42dd-9cbf-217be8a95431 | node-2 | 70e9f2b1-a292-4e95-90d4-55864bb0a71d | power on | deploying | False |
+--------------------------------------+--------+--------------------------------------+-------------+--------------------+-------------+
[root@localhost ~]# ssh cirros@10.0.0.40
$
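At this point Ironic acts as the OpenStack Nova driver:
# nova.conf
[DEFAULT]
...
compute_driver = ironic.IronicDriver
Upper-layer resource model
• node: basic information about a bare metal machine, including CPU, storage and so on, as well as the type of driver Ironic uses to manage it.
• chassis: bare metal template information, used to group nodes for management.
• port: basic information about a bare metal network interface, including MAC address, LLDP and so on.
• portgroup: the port-group configuration that the upstream switch applies to the bare metal machine's network interfaces.
• conductor: records the state of each ironic-conductor and the driver types it supports.
• volume connector/target: records block-device attachment information for the bare metal machine.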
Source: https://blog.csdn.net/Jmilk/article/details/89709880