Introduction to Cloud Foundry
Cloud Foundry is the industry's first open-source PaaS and is billed as the industry's only cloud application platform.
This article focuses on how to deploy Cloud Foundry on Alibaba Cloud; the introduction to Cloud Foundry itself is kept brief.
What problem does Cloud Foundry solve?
Keywords: PaaS, open source
Cloud Foundry is a Platform as a Service (PaaS) that is compatible with several infrastructure clouds and offers multiple development frameworks and application services. The infrastructure clouds on which the open-source Cloud Foundry can currently be deployed include AWS, Azure, OpenStack and others, and on the framework side CF supports Java, .NET, Ruby and more, which gives it a lot of flexibility.
IaaS solves the infrastructure problem for developers and customers; Cloud Foundry, as a PaaS, raises the developer's viewpoint on the cloud one level higher, so that developers only need to care about their applications and data.
Cloud Foundry components (v2)
Cloud Foundry is a distributed system built from relatively independent modules; each module exists and runs on its own, and the modules communicate with each other through a messaging mechanism.
The latest Cloud Foundry architecture is v3. The function of each component is documented in detail on the official site and is not repeated here.
Reference: http://docs.cloudfoundry.org/concepts/architecture/
Hands-on: deploying Cloud Foundry on Alibaba Cloud
Environment:
(The software versions and environment used in this article; the concepts involved are explained in detail below.)
Alibaba Cloud region: China East 1
Ruby version: 2.3.0
bosh-init version: 0.0.96
Bosh CLI version: 1.3262.4.0
CF CLI version: 6.21.0
Deployment flow
Deploying Cloud Foundry on Alibaba Cloud consists of three main parts:
1. Provision Alibaba Cloud resources: prepare an Alibaba Cloud account, enable the relevant cloud products, and so on
2. Deploy Bosh: install bosh-init and use bosh-init to deploy Bosh
3. Deploy Cloud Foundry: use Bosh to deploy Cloud Foundry
The rest of this article walks through these three steps in detail.
1. Provisioning Alibaba Cloud resources
Cloud Foundry has to be deployed inside a VPC, so you need to enable the VPC service, create a VSwitch, and plan the private network segment that Cloud Foundry will be deployed into.
You also need to create an Access Key ID / Access Key Secret pair, or reuse an existing pair.
Create the VPC
Create the VSwitch
There is no restriction on the availability zone or the network segment; for convenience, the author chose China East 1 Zone E with the segment 10.0.0.0/25.
Create the Access Key ID and Access Key Secret
2. Deploying Bosh
About Bosh
Bosh is an automated configuration and deployment tool that unifies the release, deployment and lifecycle management of platform-as-a-service software such as Cloud Foundry. Put simply, one of Bosh's jobs is to deploy Cloud Foundry, so before you can deploy Cloud Foundry you first have to deploy Bosh.
Before explaining how to deploy Bosh on Alibaba Cloud, a few basic Bosh concepts need to be introduced.
Bosh official reference: https://bosh.io/docs
CPI
CPI stands for Cloud Platform Interface: a standardized set of interfaces that Bosh exposes. To deploy Bosh on an IaaS, this set of interfaces has to be implemented; Bosh uses the CPI to manage IaaS resources, including creating VMs, releasing VMs, and so on.
To deploy Bosh on Alibaba Cloud, the CPI has to be implemented on top of the Alibaba Cloud OpenAPI.
CPI reference: https://bosh.io/docs/cpi-api-v1.html
Full list of CPI API v1 interfaces:
bosh-init
bosh-init is an open-source tool provided by the Bosh project whose purpose is to deploy Bosh.
bosh-init reference: https://bosh.io/docs/using-bosh-init.html
stemcell
A stemcell is a virtual machine image with the components needed during deployment pre-installed (the most important of which is the Bosh Agent). The official description is: A stemcell is a versioned Operating System image wrapped with IaaS specific packaging. VMs that Bosh creates through the CPI are booted from a stemcell image.
stemcell reference: https://bosh.io/docs/stemcell.html
release
A release is Bosh's notion of an installation package: it contains all the source code, configuration files, scripts and so on needed to install a distributed system. The official description is: A release is a versioned collection of configuration properties, configuration templates, start up scripts, source code, binary artifacts, and anything else required to build and deploy software in a reproducible way.
For example, to install Bosh I need a bosh-release; to install Cloud Foundry with Bosh I need a cf-release.
Every release is versioned, and all of them can be found on the Bosh site.
release reference: https://bosh.io/docs/release.html
Deployment
A Deployment is a set of VMs booted from a given stemcell image and used to run the system described by the corresponding release. The official description is: A deployment is a collection of VMs, built from a stemcell, that has been populated with specific releases and disks that keep persistent data. These resources are created based on a manifest file in the IaaS and managed by the BOSH Director, a centralized management server.
In Bosh terms, one Deployment corresponds to one release. The concrete configuration of a Deployment is written in a Deployment manifest, which is supplied during the deployment process.
Deployment reference: https://bosh.io/docs/deployment.html
Deploying Bosh on Alibaba Cloud
1. Create an ECS instance
Create an ECS instance through the Alibaba Cloud console (subscription or pay-as-you-go both work) on which bosh-init will be installed. For convenience, this ECS instance is referred to as bosh-init below.
Recommended configuration:
Specification: 2 vCPU / 4 GB or above
Image: Ubuntu 14.04 64-bit
System disk: 40 GB or more, ultra cloud disk
Network type: VPC instance; select the VPC and VSwitch created in the previous step. You can choose not to assign a public IP.
2. Give bosh-init a public IP
Because bosh-init is a VPC instance, an Elastic IP has to be bound to it so that it is reachable from the public network.
Purchase an Elastic IP as needed and bind it to bosh-init.
3. Install bosh-init
Reference: http://bosh.io/docs/install-bosh-init.html
- SSH into the bosh-init ECS instance
- Download bosh-init; the download address is given at http://bosh.io/docs/install-bosh-init.html
- Make the binary executable:
  chmod +x ~/Downloads/bosh-init-*
- Move it to /usr/local/bin:
  sudo mv ~/Downloads/bosh-init-* /usr/local/bin/bosh-init
- Verify the installation:
  bosh-init -v
- Install the dependencies for your environment (the author uses an Ubuntu machine):
  sudo apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3
- Make sure a Ruby 2+ environment is installed

4. Download bosh-release
bosh-release is open source and can be downloaded from the Bosh site:
https://bosh.io/releases/github.com/cloudfoundry/bosh?all=1
5. Download cpi-release
The CPI will be open-sourced shortly; watch:
https://github.com/alibaba/opstools
6. Configure the manifest
Create a manifest file named bosh.yml from the template below and fill in the Alibaba Cloud resource details where marked. Every password and secret in the template is a placeholder default; replace each one with a unique, strong value before deploying.
---
name: bosh

releases:
- name: bosh
  url: file:///root/downloads/bosh-255.3.tgz
- name: bosh-aliyun-cpi
  url: file:///root/downloads/bosh-aliyun-cpi.tgz

resource_pools:
- name: vms
  network: private
  cloud_properties:
    instance_type: ecs.n4.large # <--- instance type

networks:
- name: private
  type: manual
  subnets:
  - range: 10.0.0.0/8
    gateway: 10.0.0.1
    cloud_properties:
      SecurityGroupId: SECURITY_GROUP_ID # <--- security group ID
      VSwitchId: VSWITCH-ID # <--- VSwitch ID
- name: public
  type: vip

jobs:
- name: bosh
  instances: 1
  templates:
  - {name: nats, release: bosh}
  - {name: redis, release: bosh}
  - {name: postgres, release: bosh}
  - {name: blobstore, release: bosh}
  - {name: director, release: bosh}
  - {name: health_monitor, release: bosh}
  - {name: registry, release: bosh}
  - {name: aliyun_cpi, release: bosh-aliyun-cpi}
  resource_pool: vms
  networks:
  - name: private
    static_ips: [10.0.0.2] # <--- ECS private IP
    default: [dns, gateway]
  - name: public
    static_ips: [STATIC_IP] # <--- Elastic IP
  properties:
    nats: &nats
      address: 127.0.0.1
      user: nats
      password: nats-password
    redis:
      listen_address: 127.0.0.1
      address: 127.0.0.1
      password: redis-password
    postgres: &db
      listen_address: 127.0.0.1
      host: 127.0.0.1
      user: postgres
      password: postgres-password
      database: bosh
      adapter: postgres
    registry: &registry
      address: 127.0.0.1
      host: 127.0.0.1
      db: *db
      http: {user: admin, password: admin, port: 25777}
      username: admin
      password: admin
      port: 25777
    blobstore: &blobstore
      address: 127.0.0.1
      port: 25250
      provider: dav
      director: {user: director, password: director-password}
      agent: {user: agent, password: agent-password}
    director:
      address: 127.0.0.1
      name: my-bosh
      db: *db
      cpi_job: aliyun_cpi
      max_threads: 10
      user_management:
        provider: local
        local:
          users:
          - {name: admin, password: admin}
          - {name: hm, password: hm-password}
    hm:
      director_account: {user: hm, password: hm-password}
      resurrector_enabled: true
    aliyun: &aliyun
      access_key_id: ACCESS_KEY_ID # <--- Alibaba Cloud Access Key ID
      access_key: ACCESS_KEY # <--- Alibaba Cloud Access Key Secret
      default_key_name: bosh
      default_security_groups: [bosh]
      region_id: cn-hangzhou # <--- Alibaba Cloud region
    ntp: &ntp [0.pool.ntp.org, 1.pool.ntp.org]

cloud_provider:
  template: {name: aliyun_cpi, release: bosh-aliyun-cpi}
  mbus: "https://mbus:mbus-password@10.0.0.2:6868" # <--- ECS private IP
  properties:
    aliyun: *aliyun
    agent:
      mbus: "nats://nats:nats-password@10.0.0.2:4222" # <--- ECS private IP
      blobstore:
        provider: "dav"
        options:
          endpoint: "http://10.0.0.2:25250" # <--- ECS private IP
          user: "agent"
          password: "agent-password"
    blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
    ntp: *ntp
    nats: *nats
    registry: *registry
    blobstore: *blobstore # note: the template lists the blobstore key twice under cloud_provider.properties; keep only the one you intend
7. Deploy Bosh
Run the deploy command: bosh-init deploy bosh.yml
8. Verify Bosh
We use the Bosh CLI to verify that Bosh was deployed successfully.
The Bosh CLI is the official command-line tool for interacting with Bosh. Once Bosh is deployed, the Bosh CLI is used to talk to Bosh and run the commands for the next step, deploying Cloud Foundry.
Install the Bosh CLI
The Bosh CLI can be installed on any ECS instance or on a local machine.
Installing the Bosh CLI: https://bosh.io/docs/bosh-cli.html
Verify Bosh
Run the Bosh CLI command: bosh target 10.0.0.2
The author's Bosh CLI is installed on an ECS instance in the same security group, so it can reach the Bosh ECS over the private network and target Bosh directly through its private IP. To communicate over the public network instead, bind an Elastic IP to the Bosh ECS or use the NAT Gateway product so that the network path is open.
As the figure shows, the connection to the target Bosh succeeds, which verifies the Bosh deployment. The two commands bosh releases and bosh stemcells are used when deploying Cloud Foundry with Bosh, and are covered in the next section.
3. Deploying Cloud Foundry
Basic concepts
First, a few basic concepts involved in deploying Cloud Foundry with Bosh.
Bosh CLI
As described in the previous section, the Bosh we have just deployed is used to deploy Cloud Foundry, and the deployment commands are issued to Bosh through the Bosh CLI. So before deploying Cloud Foundry with Bosh, you need to know the Bosh CLI commands.
Basic Bosh CLI commands:
1. Connect to a given Bosh Director:
   bosh target [DIRECTOR_URL]
2. List all releases in the current release repository:
   bosh releases
3. Upload a release to Bosh's release repository (only releases in the repository can be used for a deployment):
   bosh upload release [RELEASE_FILE]
4. List all stemcells in the current stemcell repository:
   bosh stemcells
5. Upload a stemcell to Bosh's stemcell repository (only stemcells in the repository can be used for a deployment):
   bosh upload stemcell STEMCELL_PATH
   bosh upload stemcell STEMCELL_URL
6. List all current Deployments:
   bosh deployments
7. Show the current Deployment:
   bosh deployment
8. Switch to the Deployment described by a given manifest:
   bosh deployment [MANIFEST_PATH]
9. Deploy the current Deployment:
   bosh deploy
Bosh CLI official reference: http://bosh.io/docs/sysadmin-commands.html
CPI
The Bosh deployed in the previous step already contains the CPI component, so no CPI release is needed when deploying Cloud Foundry.
stemcell
Same as in the Bosh deployment step above.
cf-release
A compressed package provided by the Cloud Foundry project that contains the source code of all Cloud Foundry components.
Deployment manifest
The Deployment's configuration file. It mainly describes which stemcell to use, which cf-release to use, which CF components to deploy, how many VMs are needed, the VM specifications, the VMs' IP addresses, which VM hosts which CF component, and so on.
Cloud Foundry deployment flow
1. Download cf-release
cf-release is open source and can be downloaded from the Bosh site:
http://bosh.io/releases/github.com/cloudfoundry/cf-release?all=1
2. Log in to the machine with the Bosh CLI installed
The Bosh CLI is needed to talk to Bosh and run the Cloud Foundry deployment commands.
3. Connect the Bosh CLI to the deployed Bosh
bosh target 10.0.0.2
4. Upload cf-release
Upload the downloaded cf-release with the following Bosh CLI command: bosh upload release <release_file>
5. Configure the manifest
Create a manifest file named cf.yml from the template below and fill in the Alibaba Cloud resource details where marked. As with bosh.yml, every PASSWORD value and the sample UAA user are placeholders to be replaced before deploying.
---
name: ali-cf
director_uuid: BOSH_DIRECTOR_UUID # <--- Bosh Director UUID

releases:
- {name: cf, version: 215}

networks:
- name: private
  type: manual
  subnets:
  - range: 10.0.0.0/8
    gateway: 10.0.0.1
    #dns: [10.0.0.2]
    reserved: ["10.0.0.2"]
    static: ["10.0.0.3 - 10.0.0.100"]
    cloud_properties:
      SecurityGroupId: SECURITY_GROUP_ID # <--- security group ID
      VSwitchId: VSWITCH_ID # <--- VSwitch ID

resource_pools:
- name: small_ecs
  network: private
  cloud_properties:
    instance_type: ecs.n1.tiny # <--- instance type

compilation:
  workers: 1
  network: private
  reuse_compilation_vms: true
  cloud_properties:
    instance_type: ecs.n1.medium # <--- instance type

update:
  canaries: 1
  max_in_flight: 1
  serial: false
  canary_watch_time: 30000-600000
  update_watch_time: 5000-600000

jobs:
- name: nats
  instances: 1
  resource_pool: small_ecs
  templates:
  - {name: nats, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.20] # <--- ECS private IP

- name: nfs
  instances: 1
  persistent_disk: 50
  resource_pool: small_ecs
  templates:
  - {name: debian_nfs_server, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.21] # <--- ECS private IP

- name: postgres
  instances: 1
  persistent_disk: 50
  resource_pool: small_ecs
  templates:
  - {name: postgres, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.22] # <--- ECS private IP
  update:
    serial: true

- name: cloud_controller
  instances: 2
  resource_pool: small_ecs
  templates:
  - {name: cloud_controller_ng, release: cf}
  - {name: cloud_controller_worker, release: cf}
  - {name: cloud_controller_clock, release: cf}
  - {name: nfs_mounter, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.23, 10.0.0.33] # <--- ECS private IPs
  properties: # the original template misspelt this key as "propertis", which would silently drop the nfs_server settings
    nfs_server:
      address: 10.0.0.21
      allow_from_entries: [10.0.0.0/24]

- name: hm9000
  instances: 1
  resource_pool: small_ecs
  templates:
  # - {name: consul_agent, release: cf}
  - {name: hm9000, release: cf}
  # - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.24] # <--- ECS private IP

- name: doppler_z1
  instances: 1
  resource_pool: small_ecs
  templates:
  - {name: doppler, release: cf}
  networks:
  - name: private
  properties:
    doppler: {zone: z1}
    doppler_endpoint:
      shared_secret: PASSWORD

- name: loggregator_trafficcontroller_z1
  instances: 1
  resource_pool: small_ecs
  templates:
  - {name: loggregator_trafficcontroller, release: cf}
  - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  networks:
  - name: private
  properties:
    traffic_controller: {zone: z1}
    route_registrar:
      routes:
      - name: doppler
        registration_interval: 20s
        port: 8081
        uris:
        - "doppler.REPLACE_WITH_SYSTEM_DOMAIN"
      - name: loggregator
        registration_interval: 20s
        port: 8080
        uris:
        - "loggregator.REPLACE_WITH_SYSTEM_DOMAIN"

- name: uaa
  instances: 1
  resource_pool: small_ecs
  templates:
  - {name: uaa, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0.25] # <--- ECS private IP
  properties:
    login:
      catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    uaa:
      admin:
        client_secret: PASSWORD
      batch:
        password: PASSWORD
        username: batch_user
      cc:
        client_secret: PASSWORD
      scim:
        userids_enabled: false
        users: # sample user in the form user|password|scopes; replace before deploying
        - cps@aliyun.com|Cps123456|scim.write,scim.read,openid,cloud_controller.admin
    uaadb:
      address: 10.0.0.22 # <--- private IP of the postgres component
      databases:
      - {name: uaadb, tag: uaa}
      db_scheme: postgresql
      port: 5524
      roles:
      - {name: uaaadmin, password: uaa-password, tag: admin}

- name: router
  instances: 1
  resource_pool: small_ecs
  templates:
  - {name: gorouter, release: cf}
  networks:
  - name: private
    static_ips: [10.0.0
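A pre-flight check for both templates in this walkthrough (the bosh.yml from step 6 of the Bosh deployment and the cf.yml above), added here as an example; it is not code from the original post or from the BOSH project. It scans the raw manifest text for the ALL-CAPS placeholders and template-default credentials the templates carry, for YAML aliases whose anchor went missing, and for static IPs outside the declared subnet or outside the VSwitch CIDR (10.0.0.0/25 in this article); the names lint_manifest and weak_secret and the SAMPLE manifest are constructed for the example.

```python
"""Pre-flight linter for the bosh.yml / cf.yml manifests from this walkthrough (stdlib only, no
PyYAML): flags ALL-CAPS placeholders left in, credentials still at template defaults ('admin',
'*-password'), aliases whose anchor is missing, and static IPs outside every subnet or VSwitch."""
import ipaddress
import re

PLACEHOLDER = re.compile(r"\b[A-Z][A-Z0-9_-]{3,}\b")            # SECURITY_GROUP_ID, VSWITCH-ID, PASSWORD
SECRET = re.compile(r"(?:password|secret):\s*([^\s,}\]\"']+)")  # password: x / client_secret: x
URL_CRED = re.compile(r"://[^/\s:]+:([^@\s\"]+)@")              # nats://nats:nats-password@host
CIDR = re.compile(r"\brange:\s*([0-9./]+)")                     # subnets: - range: 10.0.0.0/8
STATIC = re.compile(r"static_ips:\s*\[([^\]]*)\]")              # static_ips: [10.0.0.2, ...]

def weak_secret(value):
    return value == "admin" or value.endswith("-password")  # the template defaults on this page

def lint_manifest(text, vswitch_cidr=None):
    """Return a list of (line_no, message); an empty list means the manifest passed."""
    findings, anchors, aliases, subnets, static_ips = [], set(), [], [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop the '# <--- ...' hints before matching
        findings += [(no, f"placeholder {t} not filled in") for t in PLACEHOLDER.findall(line)]
        for val in SECRET.findall(line) + URL_CRED.findall(line):
            if weak_secret(val):
                findings.append((no, f"credential {val!r} is still the template default"))
        anchors.update(re.findall(r"&(\w+)", line))      # '&registry' pasted as a (R) sign loses this
        aliases += [(no, a) for a in re.findall(r"\*(\w+)", line)]
        subnets += [ipaddress.ip_network(c, strict=False) for c in CIDR.findall(line)]
        static_ips += [(no, ip.strip()) for g in STATIC.findall(line) for ip in g.split(",") if ip.strip()]
    findings += [(no, f"alias *{a} has no &{a} anchor (mangled text?)") for no, a in aliases if a not in anchors]
    vswitch = ipaddress.ip_network(vswitch_cidr) if vswitch_cidr else None
    for no, ip in static_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in subnets):
            findings.append((no, f"static IP {ip} is outside every subnet range in the manifest"))
        elif vswitch and addr not in vswitch:
            findings.append((no, f"static IP {ip} is outside the VSwitch {vswitch}"))
    return findings

# Constructed sample: a cut-down bosh.yml carrying the mistakes the linter is meant to catch.
SAMPLE = """\
networks:
- subnets: [{range: 10.0.0.0/25, cloud_properties: {SecurityGroupId: SECURITY_GROUP_ID}}]  # <--- TODO
jobs: [{networks: [{name: private, static_ips: [10.0.0.2, 10.0.1.9]}]}]
properties:
  postgres: &db {password: postgres-password}
  registry: ®istry {db: *db, http: {user: admin, password: admin}}
  agent: {mbus: "nats://nats:nats-password@10.0.0.2:4222"}
  director: {db: *db, registry: *registry}
"""
```

Run lint_manifest(open("cf.yml").read(), vswitch_cidr="10.0.0.0/25") before bosh deploy and clear every finding first; on the unmodified templates it reports each placeholder and default password.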