STEP3
5 STATUS=`echo $PODS_DATA | \
6 jq '.items[] | select(.metadata.name == '$pod_name')' | jq '.status.phase'`
POD
リソースの状態確認shell
サンプル(
一部抜粋)
環境構築:構築の流れ
►
監視対象ノードにzabbix_agent
を導入►
監視サーバで各監視項目を設定●
監視対象ノードの登録●
各層の監視項目を設定39
STEP1
監視項目
STEP2
監視ツール
STEP3
環境構築
zabbix_server
kube-apiserver
kube-controller-manager kube-scheduler
kube-proxy kubelet docker
flanneld etcd
zabbix_agent
nova
nova-api nova-scheduler
・・・nova-novncproxy x 2
・・・・・・
「 OpenStack 」 on Kubernetes 監視のポイントは?
►
従来と同様の方法で監視を実現可能► Kubernetes化したOpenStackプロセスのプロセス監視は不要 (
コンテナ内のプロセス死活はPOD
状態に反映)
► Kubernetes
クラスタのノード監視は一律の監視設定で良い►
事前の検証は必要結局,運用してみて楽になった?
►
まだ分からない・・・● Kubernetes
化の後、故障が発生していない…
● Kubernetes化の後、増減設やupdateのメンテナンスが発生していない…
41
0 から始めたまとめ
まとめ
結果:
► Kubernetes
を使ってOpenStack
を構築してみて「楽になった」か?●
楽になった► Kubernetes
を使ってOpenStack
を運用してみて「楽になった」か?●
まだ分からない・・・考察:
►
どんな人(
環境)
に向いている?●
プロセス配置まで厳密に管理したい運用者には,
向いていないかも...
(
大規模チームでの運用?)
●
プロセス配置の管理を気にしない運用者には,
向いているかも…
(
少数精鋭チームでの運用者?) 43
ご清聴ありがとうございました
参考
OpenStack に適用する際の注意点
►
追加で必要な運用作業も発生●
再deploy
発生で、コンテナ上OpenStack
プロセスのホスト名が変わる→定期的にNovaなどのDBから不要なホスト名を削除する作業が発生
openstack@openstack:~$ openstack compute service list
+----+---+---+---+
| ID | Binary | Host | ~snip~ |
+----+---+---+---+
| 65 | nova-scheduler | nova-deployment-3169709093-5r5k2 | ~snip~ |
| 66 | nova-conductor | nova-deployment-3169709093-tjll5 | ~snip~ |
| 67 | nova-consoleauth | nova-deployment-3169709093-chqw8 | ~snip~ |
~snip~
Dockerfile ~ Keystone
47
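# Keystone (Newton) served by Apache mod_wsgi.
# NOTE(review): ubuntu:16.04 and OpenStack Newton are long out of standard
# support, so a rebuild picks up no current security fixes; the tag is also
# mutable, so pin a digest if the image has to be reproducible.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
# apt-get is used because apt's command line is not meant for scripts.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Re-read the index after adding the archive, install, then drop the index
# so it is not baked into the layer.
RUN apt-get update && apt-get install -y keystone apache2 libapache2-mod-wsgi \
    && rm -rf /var/lib/apt/lists/*

# apache2 is started directly (see CMD), so the variables that the Debian
# configuration reads have to be supplied here.
ENV APACHE_RUN_USER=www-data
ENV APACHE_RUN_GROUP=www-data
ENV APACHE_PID_FILE=/var/run/apache2/apache2.pid
ENV APACHE_RUN_DIR=/var/run/apache2
ENV APACHE_LOCK_DIR=/var/lock/apache2
ENV APACHE_LOG_DIR=/var/log/apache2

# 5000 and 35357 are the two Keystone ports this image serves.
EXPOSE 5000 35357

# Run in the foreground so the container lives exactly as long as Apache.
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]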
● keystone
Dockerfile ~ Nova 1/2
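# nova-api (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y nova-api \
    && rm -rf /var/lib/apt/lists/*

EXPOSE 8774

# Configuration is read from /etc/nova/nova.conf at start-up; the log file
# stays inside the container unless /var/log/nova is mounted.
CMD ["/usr/bin/nova-api", "--config-file", "/etc/nova/nova.conf", "--log-file", "/var/log/nova/nova-api.log"]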
● nova-api
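# nova-scheduler (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y nova-scheduler \
    && rm -rf /var/lib/apt/lists/*

# No EXPOSE: the listing declares no listening port for the scheduler.
CMD ["/usr/bin/nova-scheduler", "--config-file", "/etc/nova/nova.conf", "--log-file", "/var/log/nova/nova-scheduler.log"]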
● nova-scheduler
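# nova-conductor (Newton).
# NOTE(review): the listing stops after the repository step; the package
# install and CMD lines are not shown on the page.
# ubuntu:16.04 / Newton are out of standard support and the tag is mutable.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
# apt-get is used because apt's command line is not meant for scripts.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton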
● nova-conductor
Dockerfile ~ Nova 2/2
49
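# nova-novncproxy (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the proxy presumably runs as
# root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y nova-novncproxy \
    && rm -rf /var/lib/apt/lists/*

# Console traffic from browsers arrives on this port.
EXPOSE 6080

CMD ["/usr/bin/nova-novncproxy", "--config-file", "/etc/nova/nova.conf", "--log-file", "/var/log/nova/nova-novncproxy.log"]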
● nova-novncproxy
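# nova-consoleauth (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y nova-consoleauth \
    && rm -rf /var/lib/apt/lists/*

CMD ["/usr/bin/nova-consoleauth", "--config-file", "/etc/nova/nova.conf", "--log-file", "/var/log/nova/nova-consoleauth.log"]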
● nova-consoleauth
Dockerfile ~ Cinder
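# cinder-api (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service and its memcache client, then drop the package index.
RUN apt-get update && apt-get install -y cinder-api python-memcache \
    && rm -rf /var/lib/apt/lists/*

EXPOSE 8776

CMD ["/usr/bin/cinder-api", "--config-file", "/etc/cinder/cinder.conf", "--log-file", "/var/log/cinder/cinder-api.log"]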
● cinder-api
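# cinder-scheduler (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y cinder-scheduler \
    && rm -rf /var/lib/apt/lists/*

# Exec-form CMD must be one JSON array on a single logical line.
CMD ["/usr/bin/cinder-scheduler", "--config-file", "/etc/cinder/cinder.conf", "--log-file", "/var/log/cinder/cinder-scheduler.log"]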
● cinder-scheduler
Dockerfile ~ Neutron
51
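# neutron-server (Newton).
# NOTE(review): ubuntu:16.04 / Newton are out of standard support and the tag
# is mutable; no USER is set in this listing, so the service presumably runs
# as root inside the container - confirm against the full file.
FROM ubuntu:16.04

# Enable the Ubuntu Cloud Archive pocket that carries the Newton packages.
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository cloud-archive:newton

# Install the service, then drop the package index from the layer.
RUN apt-get update && apt-get install -y neutron-server \
    && rm -rf /var/lib/apt/lists/*

EXPOSE 9696

# Two config files are passed: the main one and the ML2 plugin settings.
# Exec-form CMD must be one JSON array on a single logical line.
CMD ["/usr/bin/neutron-server", "--config-file", "/etc/neutron/neutron.conf", "--config-file", "/etc/neutron/plugins/ml2/ml2_conf.ini", "--log-file", "/var/log/neutron/neutron-server.log"]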
● neutron-server
Deployment ~ Keystone
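---
# Keystone Deployment: two replicas, with /etc/keystone and /etc/apache2
# supplied through volume mounts.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# a current cluster needs apps/v1 plus an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: keystone-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: keystone
    spec:
      containers:
      - name: keystone
        # NOTE(review): ":newton" is a mutable tag pulled from a registry
        # addressed by IP and port; confirm the pull goes over TLS and
        # consider pinning a digest.
        image: <your repo IP>:<port>/keystone:newton
        volumeMounts:
        # Mounts are read-write unless readOnly: true is set on them.
        - name: keystone
          mountPath: /etc/keystone
        - name: apache2
          mountPath: /etc/apache2
        ports:
        - containerPort: 5000
          name: public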
● keystone-deployment.yaml
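# Tail of keystone-deployment.yaml as printed; the `volumes:` key and the
# first entry's `- name:` line are not on the page.
# NOTE(review): hostPath volumes read the node's own filesystem, so every
# node that can run the pod must carry these directories, and anything able
# to write them on the node changes the service configuration. The Keystone
# configuration presumably holds database credentials - confirm, and consider
# a Secret or a read-only mount.
        hostPath:
          path: /etc/k8s/keystone
      - name: apache2
        hostPath:
          path: /etc/k8s/apache2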
Deployment ~ Nova
53
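---
# Nova Deployment, first part of the listing: pod settings plus the nova-api
# and nova-scheduler containers (the manifest continues after the caption).
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# a current cluster needs apps/v1 plus an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nova-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: nova
    spec:
      # NOTE(review): hostNetwork puts every container of this pod in the
      # node's network namespace, so their listeners bind on the node itself
      # and they can reach node-local services. Confirm it is required.
      hostNetwork: true
      containers:
      - name: nova-api
        image: <your repo IP>:<port>/nova-api:newton
        volumeMounts:
        - name: nova
          mountPath: /etc/nova
        ports:
        - containerPort: 8774
        # NOTE(review): privileged removes container isolation for an
        # internet-facing API process; a compromise of nova-api is then a
        # compromise of the node. Confirm what needs it and prefer specific
        # capabilities if any are required.
        securityContext:
          privileged: true
      - name: nova-scheduler
        image: <your repo IP>:<port>/nova-scheduler:newton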
● nova-deployment.yaml
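# Continuation of nova-deployment.yaml: the first volumeMounts below belongs
# to the nova-scheduler container that precedes the caption.
        volumeMounts:
        - name: nova
          mountPath: /etc/nova
      - name: nova-conductor
        image: <your repo IP>:<port>/nova-conductor:newton
        volumeMounts:
        - name: nova
          mountPath: /etc/nova
      - name: nova-novncproxy
        image: <your repo IP>:<port>/nova-novncproxy:newton
        volumeMounts:
        - name: nova
          mountPath: /etc/nova
        ports:
        - containerPort: 6080
      - name: nova-consoleauth
        image: <your repo IP>:<port>/nova-consoleauth:newton
        volumeMounts:
        - name: nova
          mountPath: /etc/nova
      # NOTE(review): one hostPath directory is shared read-write by all five
      # containers; the Nova configuration presumably carries database and
      # message-queue credentials - confirm, and consider readOnly: true on
      # the mounts or a Secret.
      volumes:
      - name: nova
        hostPath:
          path: /etc/k8s/nova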
Deployment ~ Cinder
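---
# Cinder Deployment, first part of the listing: cinder-api and the start of
# cinder-scheduler (the manifest continues after the caption).
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# a current cluster needs apps/v1 plus an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: cinder-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: cinder
    spec:
      containers:
      - name: cinder-api
        # NOTE(review): ":newton" is a mutable tag; consider pinning a digest.
        image: <your repo IP>:<port>/cinder-api:newton
        volumeMounts:
        - name: cinder
          mountPath: /etc/cinder
        ports:
        - containerPort: 8776
      - name: cinder-scheduler
        image: <your repo IP>:<port>/cinder-scheduler:newton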
● cinder-deployment.yaml
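# Tail of cinder-deployment.yaml as printed; the `volumeMounts:` key of the
# cinder-scheduler container is not on the page before the first entry.
        - name: cinder
          mountPath: /etc/cinder
      # NOTE(review): hostPath reads the node's own /etc/k8s/cinder, mounted
      # read-write by default; the Cinder configuration presumably carries
      # credentials - confirm, and consider readOnly: true or a Secret.
      volumes:
      - name: cinder
        hostPath:
          path: /etc/k8s/cinder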
Deployment ~ Neutron
55
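---
# Neutron Deployment: two replicas of neutron-server with /etc/neutron taken
# from the node.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# a current cluster needs apps/v1 plus an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: neutron-deployment
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: neutron
    spec:
      containers:
      - name: neutron-server
        # NOTE(review): ":newton" is a mutable tag; consider pinning a digest.
        image: <your repo IP>:<port>/neutron-server:newton
        volumeMounts:
        - name: neutron
          mountPath: /etc/neutron
        ports:
        - containerPort: 9696
      # NOTE(review): hostPath reads the node's own /etc/k8s/neutron, mounted
      # read-write by default; the Neutron configuration presumably carries
      # credentials - confirm, and consider readOnly: true or a Secret.
      volumes:
      - name: neutron
        hostPath:
          path: /etc/k8s/neutron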
● neutron-deployment.yaml
Service ~ Keystone / Nova
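---
# Publishes both Keystone ports on every cluster node.
# NOTE(review): these nodePort values lie outside the default 30000-32767
# range, so the API server must run with a widened --service-node-port-range.
# NodePort opens the port on every node; the admin port in particular should
# be limited by firewall rules to the hosts that need it.
apiVersion: v1
kind: Service
metadata:
  name: keystone-service
spec:
  type: NodePort
  ports:
  - name: public
    port: 5000
    targetPort: 5000
    nodePort: 5000
    protocol: TCP
  - name: admin
    port: 35357
    targetPort: 35357
    nodePort: 35357
    protocol: TCP
  selector:
    app: keystone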
● keystone-service.yaml
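---
# Publishes nova-api and the noVNC proxy on every cluster node.
# NOTE(review): these nodePort values lie outside the default 30000-32767
# range, so the API server must run with a widened --service-node-port-range.
# NodePort opens the port on every node; restrict reachability with firewall
# rules where the API is not meant to be public.
apiVersion: v1
kind: Service
metadata:
  name: nova-service
spec:
  type: NodePort
  ports:
  - name: nova-api
    port: 8774
    targetPort: 8774
    nodePort: 8774
    protocol: TCP
  - name: nova-novncproxy
    port: 6080
    targetPort: 6080
    nodePort: 6080
    protocol: TCP
  selector:
    app: nova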
● nova-service.yaml
Service ~ Cinder / Neutron
57
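---
# Publishes cinder-api on every cluster node.
# NOTE(review): nodePort 8776 lies outside the default 30000-32767 range, so
# the API server must run with a widened --service-node-port-range. NodePort
# opens the port on every node; restrict reachability with firewall rules
# where the API is not meant to be public.
apiVersion: v1
kind: Service
metadata:
  name: cinder-service
spec:
  type: NodePort
  ports:
  - name: cinder-api
    port: 8776
    targetPort: 8776
    nodePort: 8776
    protocol: TCP
  selector:
    app: cinder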
● cinder-service.yaml
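---
# Publishes neutron-server on every cluster node.
# NOTE(review): nodePort 9696 lies outside the default 30000-32767 range, so
# the API server must run with a widened --service-node-port-range. NodePort
# opens the port on every node; restrict reachability with firewall rules
# where the API is not meant to be public.
apiVersion: v1
kind: Service
metadata:
  name: neutron-service
spec:
  type: NodePort
  ports:
  - name: neutron-server
    port: 9696
    targetPort: 9696
    nodePort: 9696
    protocol: TCP
  selector:
    app: neutron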
● neutron-service.yaml
Kubernetes リソース監視スクリプト ~ Pod
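#!/bin/bash
# Print one `"<pod name>","<phase>"` line for every Pod the Kubernetes API
# returns (all namespaces, as served by /api/v1/pods).
#
# Usage: <script> ENDPOINT
#   ENDPOINT  base URL of the Kubernetes API server
# Exit status: 0 on success, 2 when the API cannot be read or parsed.
#
# NOTE(review): curl is called without a token, client certificate or CA
# option, so this only works against an endpoint that answers anonymous
# reads. Confirm that endpoint is not reachable from untrusted networks, or
# switch to the authenticated HTTPS port with a read-only account.
set -u

# Set args.
ENDPOINT=${1:-}
if [ -z "$ENDPOINT" ]; then
  echo "ERROR: Can't access to Kubernetes API endpoint."
  exit 2
fi

# Get Pod json data.
# -f makes an HTTP error produce empty output, so an error document from the
# API is handled by the same check as an unreachable server.
PODS_DATA=$(curl -sf "$ENDPOINT/api/v1/pods")
if [ -z "$PODS_DATA" ]; then
  echo "ERROR: Can't access to Kubernetes API endpoint."
  exit 2
fi

# Get Pod name and status in a single jq pass.
# The earlier form pasted each name taken from the response back into a jq
# program and relied on unquoted word splitting; here the response is only
# ever data. tojson keeps the JSON quoting the previous output had, and Pods
# that share a name across namespaces each get their own line.
jq -r '.items[] | "\(.metadata.name | tojson),\(.status.phase | tojson)"' \
  <<<"$PODS_DATA" || exit 2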
Kubernetes リソース監視スクリプト ~ Deployment
59
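#!/bin/bash
# Report the health of one Kubernetes Deployment as a single digit on stdout:
#   0 = Error:   no Pods are available (or the Deployment is not listed)
#   1 = Warning: available Pods are less than or equal to THRESHOLD
#   2 = Healthy: available Pods are more than THRESHOLD
#
# Usage: <script> ENDPOINT DEPLOYMENT_NAME THRESHOLD
# Exit status: 2 when the arguments are unusable or the API cannot be read.
#
# NOTE(review): curl is called without a token, client certificate or CA
# option, so this only works against an endpoint that answers anonymous
# reads. Confirm that endpoint is not reachable from untrusted networks, or
# switch to the authenticated HTTPS port with a read-only account.
set -u

# Set args.
ENDPOINT=${1:-}
DEPLOYMENT_NAME=${2:-}
THRESHOLD=${3:-}

# A missing or non-numeric threshold used to make the comparisons fail and
# fall through to "healthy"; reject it before asking the API anything.
case "$THRESHOLD" in
  '' | *[!0-9]*)
    echo "ERROR: THRESHOLD must be a non-negative integer."
    exit 2
    ;;
esac

# Get Deployment json data.
# -f makes an HTTP error produce empty output, so an error document from the
# API is handled by the same check as an unreachable server.
DEPLOYMENT_DATA=$(curl -sf "$ENDPOINT/apis/extensions/v1beta1/deployments")
if [ -z "$DEPLOYMENT_DATA" ]; then
  echo "ERROR: Can't access to Kubernetes API endpoint."
  exit 2
fi

# Get Deployment status.
# --arg passes the name as data instead of pasting it into the jq program.
# availableReplicas is typically absent from the response when no replica is
# available, which used to read as "null" and end up reported as healthy;
# "// 0" maps that case, and an unknown Deployment, to zero. When the name
# exists in several namespaces the smallest count is reported.
AVAILABLE_REPLICAS=$(
  jq -r --arg name "$DEPLOYMENT_NAME" \
    '[.items[] | select(.metadata.name == $name) | .status.availableReplicas // 0] | min // 0' \
    <<<"$DEPLOYMENT_DATA"
)
case "$AVAILABLE_REPLICAS" in
  '' | *[!0-9]*)
    echo "ERROR: Unexpected response from Kubernetes API endpoint."
    exit 2
    ;;
esac

# Check Deployment status.
STATUS=""
if [ "$AVAILABLE_REPLICAS" -eq 0 ]; then
  STATUS=0 # Error: No Pods are available.
elif [ "$AVAILABLE_REPLICAS" -le "$THRESHOLD" ]; then
  STATUS=1 # Warning: Available Pods are less than or equal to threshold.
else
  STATUS=2 # Healthy: Available Pods are more than threshold.
fi

# Return Deployment status.
echo "$STATUS"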