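Note: install the monitoring service on the controller node first, then install the corresponding services on the compute nodes
1. Install the monitoring service on the controller node
This includes: api, collector, central, python-ceilometerclient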
yum install openstack-ceilometer-api openstack-ceilometer-collector openstack-ceilometer-central python-ceilometerclient
Actual output of openstack-status:
== Ceilometer services ==
openstack-ceilometer-api: active
openstack-ceilometer-central: inactive (disabled on boot)
openstack-ceilometer-compute: inactive (disabled on boot)
openstack-ceilometer-collector: active
openstack-ceilometer-alarm-notifier: active
openstack-ceilometer-alarm-evaluator: inactive (disabled on boot)
openstack-ceilometer-notification: active
2. Specify the database that stores the monitoring data
yum install mongodb-server mongodb
3. Start the mongodb service and enable it at boot
systemctl start mongod
systemctl status mongod
4. Create the database and a database user named ceilometer:
The problem at this point is how to start the monitoring service
systemctl start openstack-ceilometer-compute
Workaround: in /etc/mongod.conf
change
security:
  authorization: enabled
to
security:
  authorization: disabled
Restart the service
systemctl restart mongod
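With authorization disabled, what protects the ceilometer database is only which interfaces mongod listens on. The following is an added example, not part of the original notes: it reads a YAML-format mongod.conf and classifies the result. The function names are hypothetical, net.bindIp does not appear in these notes, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example, not part of the original notes. Function names are hypothetical.

# yaml_get FILE SECTION KEY: print the value of KEY nested directly under
# the top-level SECTION of a YAML-format mongod.conf.
yaml_get() {
    awk -v sec="$2:" -v key="$3:" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        /^[^ \t]/      { insec = ($1 == sec); next } # a new top-level key
        insec && $1 == key { v = $2; gsub(/["\047]/, "", v); print v; exit }
    ' "$1"
}

# mongod_exposure FILE: classify the configuration as
#   auth-enabled | auth-off-loopback-only | auth-off-network-reachable
mongod_exposure() {
    auth=$(yaml_get "$1" security authorization)
    bind=$(yaml_get "$1" net bindIp)
    if [ "$auth" = "enabled" ]; then
        echo auth-enabled
        return 0
    fi
    # An unset bindIp counts as reachable: the default differs by MongoDB version.
    case "$bind" in
        127.0.0.1|localhost|::1) echo auth-off-loopback-only ;;
        *) echo auth-off-network-reachable ;;
    esac
}

# Constructed sample: the edited file from the step above plus an assumed
# net section (192.168.10.3 is the database host used later in these notes).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
net:
  port: 27017
  bindIp: 192.168.10.3
security:
  authorization: disabled
EOF
mongod_exposure "$demo_conf"
rm -f "$demo_conf"
```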
Steps carried out for ceilometer:
mongo
use ceilometer
db.createUser( { user: "ceilometer",
pwd: "CEILOMETER_DBPASS",
roles: [ "readWrite", "dbAdmin" ]
} )
Error: the user already exists
openstack-config --set /etc/ceilometer/ceilometer.conf \
database connection mongodb://ceilometer:CEILOMETER_DBPASS@controller:27017/ceilometer
5. Configure the monitoring service to use the database:
openstack-config --set /etc/ceilometer/ceilometer.conf \
database connection mongodb://ceilometer:CEILOMETER_DBPASS@controller:27017/ceilometer
Actual:
connection = mongodb://ceilometer:2PEvUS1U@192.168.10.3/ceilometer
6. Define a key to serve as the shared secret between the monitoring service nodes
# ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
# openstack-config --set /etc/ceilometer/ceilometer.conf publisher_rpc metering_secret $ADMIN_TOKEN
Actual:
Also, echo $ADMIN_TOKEN printed nothing after it was run
metering_secret=hwRxPo0n
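$ADMIN_TOKEN is passed straight to openstack-config in this step and again in the compute-node step, so an unset variable would be written as an empty secret. The following is an added example, not part of the original notes: it generates the secret and refuses to write an empty or malformed value. The function names are hypothetical and the od fallback is an assumption.

```sh
#!/bin/sh
# Added example, not part of the original notes. Function names are hypothetical.

# valid_secret VALUE: succeed only for at least 20 lowercase hex characters,
# the shape produced by `openssl rand -hex 10`.
valid_secret() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -ge 20 ]
}

# new_secret: print a fresh secret, or fail without printing anything.
new_secret() {
    s=$(openssl rand -hex 10 2>/dev/null) || s=
    if ! valid_secret "$s"; then
        # Assumed fallback when openssl is unavailable: kernel CSPRNG via od.
        s=$(od -An -N10 -tx1 /dev/urandom | tr -d ' \n')
    fi
    valid_secret "$s" && printf '%s\n' "$s"
}

# apply_secret CONF VALUE: write the value only if it passes validation, so an
# unset $ADMIN_TOKEN can never become an empty metering_secret (which the
# option's own comment describes as "signing is not required").
apply_secret() {
    if ! valid_secret "$2"; then
        echo "refusing to write empty or malformed metering_secret to $1" >&2
        return 1
    fi
    openstack-config --set "$1" publisher_rpc metering_secret "$2"
}

# Usage on a node (the same value must be applied on controller and compute):
#   ADMIN_TOKEN=$(new_secret) && \
#     apply_secret /etc/ceilometer/ceilometer.conf "$ADMIN_TOKEN"
```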
7. Add the credentials to the monitoring service configuration file /etc/ceilometer/ceilometer.conf:
7.1 Configure the IP of the authentication host
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_host controller
Actual:
# Host providing the admin Identity API endpoint. Deprecated, use
# identity_uri. (string value)
#auth_host = 127.0.0.1
auth_host = 192.168.10.2
7.2 Set the service name to ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken admin_user ceilometer
Actual:
# Service username. (string value)
#admin_user = <None>
admin_user = ceilometer
7.3 Set the service tenant name to services
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken admin_tenant_name service
Actual:
# Service tenant name. (string value)
#admin_tenant_name = admin
admin_tenant_name = services
7.4 Set the authentication protocol to http
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_protocol http
Actual:
# Protocol of the admin Identity API endpoint (http or https).
# Deprecated, use identity_uri. (string value)
#auth_protocol = https
auth_protocol = http
7.5 Configure the admin password
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken admin_password CEILOMETER_PASS
Actual:
# Service user password. (string value)
#admin_password = <None>
admin_password = VQ7A0zz4
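Note: the admin password here, VQ7A0zz4, is different from the password of ceilometer in the database, 2PEvUS1U
Explanation:
openstack-config --set <config file> <section name> <key> <value>
8. Register the monitoring service with the Identity service so that other OpenStack services can find it. Create the service and the endpoint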
keystone service-create --name=ceilometer --type=metering \
--description="Ceilometer Telemetry Service"
Running keystone service-list gives:
| id | name | type | description |
| 00a76a1902494d229b33662fb1288dc5 | ceilometer | metering | Openstack Metering Service |
9. Create the endpoint using the returned service ID:
keystone endpoint-create \
--service-id=the_service_id_above \
--publicurl=http://controller:8777/ \
--internalurl=http://controller:8777/ \
--adminurl=http://controller:8777/
Running keystone endpoint-list gives:
| id | region | publicurl | internalurl | adminurl | service_id |
| 317d2d06d88c4fbeab8af0bd6bf8ed55 | RegionOne | http://172.16.10.2:8776/v2/%(tenant_id)s | http://192.168.10.2:8776/v2/%(tenant_id)s | http://192.168.10.2:8776/v2/%(tenant_id)s | 446ca17928fc49e185c2c6e9077e4150 |
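9. Start the monitoring services and configure them to start at boot. Mainly check that the api, central (control node) and collector services are started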
service openstack-ceilometer-api start
service openstack-ceilometer-central start
service openstack-ceilometer-collector start
chkconfig openstack-ceilometer-api on
chkconfig openstack-ceilometer-central on
chkconfig openstack-ceilometer-collector on
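Check the status: service openstack-ceilometer-api status shows it is started (active)
Check: service openstack-ceilometer-central status shows it is not started
Check: service openstack-ceilometer-collector status shows it is started
II. Install the compute agent for the monitoring service
1. Install the monitoring service on the compute node: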
yum install openstack-ceilometer-compute
Actual: running openstack-status
gives
== Ceilometer services ==
openstack-ceilometer-api: inactive (disabled on boot)
openstack-ceilometer-central: inactive (disabled on boot)
openstack-ceilometer-compute: active
openstack-ceilometer-collector: inactive (disabled on boot)
This shows ceilometer-compute is already running
2. Set the following options in the /etc/nova/nova.conf file:
2.1 Enable the periodic notification that an instance exists
openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit True
Actual:
# Generate periodic compute.instance.exists notifications (boolean value)
#instance_usage_audit=false
instance_usage_audit=True
2.2 The period for which instance usage information is generated; it must be hour, day, month or year. The default is hour
openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
Actual:
# Time period to generate instance usages for. Time period must be hour, day,
# month or year (string value)
#instance_usage_audit_period=month
instance_usage_audit_period=hour
2.3 Set the instance update notifications for the compute node. The default setting notifies on changes of both VM state and task state
openstack-config --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
Actual:
# If set, send compute.instance.update notifications on instance state changes.
# Valid values are None for no notifications, "vm_state" for notifications on
# VM state changes, or "vm_and_task_state" for notifications on VM and task
# state changes. (string value)
#notify_on_state_change=<None>
notify_on_state_change=vm_and_task_state
2.4 Set the driver that handles sending notifications. The default sends through messaging; this differs
openstack-config --set /etc/nova/nova.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
Actual:
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
#notification_driver =
notification_driver =messaging
2.5 Set the notification driver to nova_driver? This differs; why is it set a second time?
openstack-config --set /etc/nova/nova.conf DEFAULT notification_driver ceilometer.compute.nova_driver
Actual: same as above
notification_driver =messaging
3. You must configure the secret key you defined earlier. The monitoring service nodes share this key:
openstack-config --set /etc/ceilometer/ceilometer.conf publisher_rpc metering_secret $ADMIN_TOKEN
Actual: note that this is configured in ceilometer.conf on the compute node
# Secret value for signing messages. Set value empty if signing is not
# required to avoid computational overhead. (string value)
# Deprecated group/name - [DEFAULT]/metering_secret
# Deprecated group/name - [publisher_rpc]/metering_secret
# Deprecated group/name - [publisher]/metering_secret
#telemetry_secret = change this for valid signing
metering_secret=hwRxPo0n
while ceilometer.conf on the controller node has
# Secret value for signing messages. Set value empty if signing is not
# required to avoid computational overhead. (string value)
# Deprecated group/name - [DEFAULT]/metering_secret
# Deprecated group/name - [publisher_rpc]/metering_secret
# Deprecated group/name - [publisher]/metering_secret
#telemetry_secret = change this for valid signing
metering_secret=hwRxPo0n
The two are the same
4. Start the service and configure it to start at boot:
service openstack-ceilometer-compute start
chkconfig openstack-ceilometer-compute on
These commands should be changed to:
systemctl start openstack-ceilometer-compute
systemctl status openstack-ceilometer-compute
Actual: running openstack-status
shows it is already running
openstack-ceilometer-compute: active
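III. Install the Image service agent for the monitoring service
1. To retrieve image samples, you must configure the Image service to send notifications to the message bus. ? Not found; possibly on the controller node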
openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT notifier_strategy qpid
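? Is this the compute node or the controller node:
Actual: neither of these two nodes has the notifier_strategy notification strategy option
2. Restart the Image services so that the new configuration takes effect: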
service openstack-glance-api restart
service openstack-glance-registry restart
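Actual:
On the controller node, running: openstack-status|grep openstack-glance-api
shows: openstack-glance-api: active
On the compute node: nothing found
The notification agents listen on the notification queue. Besides ceilometer's internal communication, nova/glance/neutron/cinder/swift/keystone/heat and others all send their reported data to this queue
IV. Add the Block Storage service agent for the monitoring service
1. To retrieve volume samples, you must configure the Block Storage service to send notifications to the message bus. ? Differs
Note: the file being configured is cinder.conf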
openstack-config --set /etc/cinder/cinder.conf DEFAULT control_exchange cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT notification_driver cinder.openstack.common.notifier.rpc_notifier
Actual:
The controller node has cinder.conf; the compute node does not.
The notification driver is configured as messaging
# The Drivers(s) to handle sending notifications. Possible values are
# messaging, messagingv2, routing, log, test, noop (multi valued)
#notification_driver =
notification_driver =messaging
2. Restart the Block Storage services so that the new configuration takes effect:
Differs: there is no openstack-cinder-agent-central
service openstack-cinder-api restart
service openstack-cinder-agent-central restart
Actual: running openstack-status|grep openstack-cinder
== Cinder services ==
openstack-cinder-api: active
openstack-cinder-scheduler: active
openstack-cinder-volume: active
openstack-cinder-backup: active
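V. Add the Object Storage service agent for the monitoring service
1. To retrieve Object Storage statistics, the monitoring service needs to access Object Storage with the ResellerAdmin role:
Run: keystone role-create --name=ResellerAdmin
What this command does: creates a new role for accessing Object Storage
It fails with the error: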
Conflict occurred attempting to store role - Duplicate Entry (HTTP 409) (Request-ID: req-53620d1b-1efc-4b06-8807-d2b080375fc5)
Query the keystone roles
keystone role-list
Result:
| id | name |
+----------------------------------+-----------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | Member |
| d7f2ccac97a3409587cbe417c568e8b4 | ResellerAdmin |
| e6375d8ffbda4ccdbbce4456fa3d31e1 | admin |
| 9c62941dbef24ab481195bcc7c5fe130 | heat_stack_user |
Run: keystone user-role-add --tenant service --user ceilometer \
--role 462fa46c13fd4798a95a3bfbe27b5e54
What this command does: assigns a role to a user
user-role-add: adds a role to a user
--tenant service: sets the tenant to service
--tenant <tenant>, --tenant-id <tenant-id> # New user default tenant; the tenant can be left unspecified when the user is created and associated with a tenant later via user-role-add
--user ceilometer: the name or id of the user
--user <user>, --user-id <user>,--user_id <user> # Name or ID of user
--role 462fa46c13fd4798a95a3bfbe27b5e54: the role assigned to the user
--role <role>, --role-id <role>,--role_id <role> # Name or ID of role
Verify: view the tenant and role that correspond to the user
keystone user-role-list
What user-role-list does: lists the roles assigned to a user
Actual result:
+----------------------------------+-------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| e6375d8ffbda4ccdbbce4456fa3d31e1 | admin | 8ceca41e49d94ea69790a1250698d6f1 | 242b86b0d1bb4f078596364cbc4560cf |
This shows the user ceilometer has not been assigned the ResellerAdmin role
So run:
keystone role-list
to get the id of the ResellerAdmin role
keystone user-role-add --tenant service --user ceilometer --role d7f2ccac97a3409587cbe417c568e8b4
It fails with the error:
No tenant with a name or ID of 'service' exists
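So a tenant (that is, a project) needs to be created. For this part, the tenant has to be created in the web interface
Checking the permission management page shows
Name Description Project ID Enterprise Enabled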
admin admin tenant 242b86b0d1bb4f078596364cbc4560cf Default
Query the tenants: keystone tenant-list
This shows admin, service and services
Assign ceilometer to the admin tenant
keystone user-role-add --tenant service --user ceilometer --role d7f2ccac97a3409587cbe417c568e8b4
Error:
Conflict occurred attempting to store role grant - User f9e4a37bd3884e48aa41007d247506c5 already has role d7f2ccac97a3409587cbe417c568e8b4 in tenant fea8a0c72b10499c8e25af6d4d371990 (HTTP 409) (Request-ID: req-0aa1260d-3ee5-4579-b554-e980e8f803c4)
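The attempt was to assign the role to the user, but the user already has a role in the tenant
Run: keystone user-role-list; it does not show the user ceilometer with any tenant or role assigned
View the ceilometer user details: keystone user-get f9e4a37bd3884e48aa41007d247506c5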
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| email | ceilometer@example.org |
| enabled | True |
| id | f9e4a37bd3884e48aa41007d247506c5 |
| name | ceilometer |
| user_role | domain_member |
| user_type | individual |
| username | ceilometer |
+-----------+----------------------------------+
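So it already has the domain_member role; is the tenant what is missing now?
Run: keystone help user-role-list
keystone user-role-list --user f9e4a37bd3884e48aa41007d247506c5: view the roles assigned to the user
keystone user-role-list --tenant fea8a0c72b10499c8e25af6d4d371990: view the roles assigned in the service tenant
The problem to solve is: assign the user ceilometer to the tenant service with the role ResellerAdmin
Adding a role for a user in a tenant essentially means: 1. binding the user to the tenant; 2. the tenant granting the role
Associate ceilometer with the tenant service
The key is to be clear about the relationship among user, tenant and role
Only a user with the admin role can manage and create flavors
An ordinary tenant can only view the virtual machine resources within its own tenant
A user can hold different roles in different tenants, and can hold several roles in one tenant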
user-list :
f9e4a37bd3884e48aa41007d247506c5 | ceilometer
tenant-list:
| 242b86b0d1bb4f078596364cbc4560cf | admin | True |
| fea8a0c72b10499c8e25af6d4d371990 | service | True |
| 183cde3dd1cd4fffa2ceb58a18b69adc | services | True |
role-list:
| 9fe2ff9ee4384b1894a90878d3e92bab | Member |
| d7f2ccac97a3409587cbe417c568e8b4 | ResellerAdmin |
| e6375d8ffbda4ccdbbce4456fa3d31e1 | admin |
| 9c62941dbef24ab481195bcc7c5fe130 | heat_stack_user |
user-role-list:
role id | user name | user id ? | tenant id
e6375d8ffbda4ccdbbce4456fa3d31e1 | admin | 8ceca41e49d94ea69790a1250698d6f1 | 242b86b0d1bb4f078596364cbc4560cf
This means: the user with id 8ceca41e49d94ea69790a1250698d6f1 has the role admin and belongs to the tenant admin
I need to give the user ceilometer the role ResellerAdmin in the tenant service
keystone user-role-add --tenant service --user ceilometer --role ResellerAdmin
2 It has already been created
Conflict occurred attempting to store role grant - User f9e4a37bd3884e48aa41007d247506c5 already has role d7f2ccac97a3409587cbe417c568e8b4 in tenant fea8a0c72b10499c8e25af6d4d371990 (HTTP 409) (Request-ID: req-e946e2b8-6014-44bf-9c2f-115722fda6dc)
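Leaving it as is.
2. You must also add the monitoring middleware to Object Storage so that it handles incoming and outgoing traffic. Add these lines to the /etc/swift/proxy-server.conf file.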
[filter:ceilometer]
use = egg:ceilometer#swift
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth ceilometer proxy-server
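This is in doubt: the roles assigned to the controller node are controller and mongo. The roles assigned to the compute node are compute and ceph-osd
In roller, the options selected for installation were ceilometer, ceph for cinder/nova/glance
Actual: neither the compute node nor the controller node has the /etc/swift/proxy-server.conf file.
3. Restart the service to enable the new configuration: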
service openstack-swift-proxy-server restart
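VI. Verify the monitoring service installation
Download an image and use the monitoring service to display usage statistics.
1. Use the ceilometer meter-list command to test access to the monitoring service
2. Download an image from the Image service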
glance image-download "CirrOS 0.3.1" > cirros.img
Actual: view the image list
nova image-list
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| 6c67c333-b658-47c8-9637-8a7ac36234ae | TestVM | ACTIVE | |
+--------------------------------------+--------+--------+--------+
glance image-download --file TestVM.img --progress 6c67c333-b658-47c8-9637-8a7ac36234ae
Run:
ceilometer meter-list|grep "image.download"
The image download is indeed not there.
Need to work out whether ceilometer has not taken effect at all, or whether the meter needs to be configured
| Name | Type | Unit | Resource ID |User ID| Project ID |
+----------------------------------+-------+-----------+-------
| image.upload| gauge | event | 6c67c333-b658-47c8-9637-8a7ac36234ae | None | 242b86b0d1bb4f078596364cbc4560cf |
Image upload
glance image-create --name test-win7 --container-format bare --disk-format qcow2 --file win7.img
glance image-create --name cirros2 --disk-format=qcow2 --container-format=bare --protected=True --file=/home/chaoma/cirros-0.3.4-x86_64-disk.img
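Explanation:
--name NAME: the name shown in openstack after the image has been uploaded
--disk-format DISK_FORMAT: the image format
--container-format CONTAINER_FORMAT: the container format of the image; can be ami, ari, aki, ovf or bare. The default is bare.
Multimedia container format; specifies how the data is stored in the file.
--owner TENANT_ID: which tenant can use this image
--size SIZE: the image size
--file FILE: the local directory where the image is located
--is-public TRUE/FALSE: whether this image is shared
Actually executed: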
glance image-create --name cirros5 --disk-format=qcow2 --container-format=bare --visibility=public --file=/home/chaoma/cirros-0.3.4-x86_64-disk.img
Run: nova image-list
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| 6c67c333-b658-47c8-9637-8a7ac36234ae | TestVM | ACTIVE | |
| 09c0e159-eee8-4b59-95e1-5c4a2bbca5c0 | cirros | ACTIVE | |
Run: ceilometer image-list; the following appeared
| Name | Type | Unit | Resource ID | User ID | Project ID |
| image.upload | gauge | event | 09c0e159-eee8-4b59-95e1-5c4a2bbca5c0 | 242b86b0d1bb4f078596364cbc4560cf | 242b86b0d1bb4f078596364cbc4560cf |
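This shows that the image upload was monitored; the image id is used as the resource id
Events can be monitored; perhaps image.download is not being monitored.
Next is to monitor cpu_util.
Explanation:
glance help image-create: shows the parameters of image-create
3. Query the image usage statistics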
ceilometer statistics -m image.download -p 60
ceilometer statistics --meter cpu_util
ceilometer statistics -m image.create -p 3600
ceilometer help statistics:
-p <PERIOD>: aggregate the samples over PERIOD seconds
-m <NAME>: the name of the meter
Finally executed:
ceilometer statistics -m image.create -p 3600
The result is empty