注册 VIM 的配置文件

要注册 VIM(虚拟化基础设施管理器),需要通过 openstack 命令提供配置文件。以下是一个使用配置文件注册名为 my-default-vim 的默认 VIM 的示例。

$ openstack vim register --is-default --config-file vim_config.yaml \
  --description "Some message" my-default-vim

VIM 类型

Tacker 支持两种类型的 VIM,OpenStack 和 Kubernetes,并根据配置文件的内容了解请求注册的 VIM 类型。

您可以使用专用脚本准备配置文件。它生成给定类型的 VIM 配置。默认 VIM 类型是 OpenStack。在下面的示例中,它使用默认参数生成 OpenStack 的配置。 TACKER_ROOT 是服务器上 tacker 仓库的根目录。

$ bash TACKER_ROOT/tools/gen_vim_config.sh
Config for OpenStack VIM 'vim_config.yaml' generated.

此脚本有助于配置 VIM,并从您的环境中查找配置所需的参数。对于 OpenStack VIM,参数从 OpenStack 的环境变量中检索。另一方面,对于 Kubernetes VIM,参数通过 kubectl 命令检索。如果您使用默认参数的 Kubernetes VIM,只需显式添加选项 -t k8s-t kubernetes 即可。

$ bash TACKER_ROOT/tools/gen_vim_config.sh -t k8s
Config for Kubernetes VIM 'vim_config.yaml' generated.

用法

您可以使用帮助消息中参考的选项配置所有参数。有三类选项,CommonOpenStackKubernetes

Common 选项如其名称所示,适用于这两种类型。 -o--output 用于输出文件名,-eendpoint 用于指定端点 URL,-p--project 用于项目名称。除了 Common 之外,OpenStackKubernetes 的其他选项将在下一节中说明。

$ bash tools/gen_vim_config.sh -h
Generate config file for registering VIM

usage:
  gen_vim_config.sh [-t VIM_TYPE] [-o OUTPUT_FILE] [-e ENDPOINT]
      [-p PROJECT_NAME] [--os-user USER_NAME] [--os-password PASSWORD]
      [--os-project-domain PROJECT_DOMAIN] [--os-user-domain USER_DOMAIN]
      [--os-disable-cert-verify] [--k8s-token TOKEN] [--k8s-use-cert]
      [--k8s-helm-info] [--k8s-helm-info-ip K8S_MASTER_NODE_IP]
      [--k8s-helm-info-user HELM_USER] [--k8s-helm-info-pass HELM_PASSWORD]
      [--k8s-use-helm] [-h]

options:
  All of options are optional.

  1) Common options
    -t|--type VIM_TYPE
      type of VIM.
        * 'openstack' or 'os' for OpenStack
        * 'kubernetes' or 'k8s' for Kubernetes
      default value is 'openstack'.
    -o|--output OUTPUT_FILE
      name of output file, default value is 'vim_config.yaml'.
    -e|--endpoint ENDPOINT
      endpoint consists of url and port, such as 'https://127.0.0.1:6443'.
    -p|--project PROJECT_NAME
      name of project in which VIM is registered, default value is
      'admin'.
    -h|--help
      show this message.

  2) Options for OpenStack VIM
    --os-user USER_NAME
      name of OpenStack user, value of 'OS_USERNAME' is used by default.
    --os-password PASSWORD
      password of OpenStack user, value of 'OS_PASSWORD' is used by default.
    --os-project-domain PROJECT_DOMAIN
      name of project domain, value of 'OS_PROJECT_DOMAIN_ID' is used by
      default.
    --os-user-domain USER_DOMAIN
      name of user domain, value of 'OS_USER_DOMAIN_ID' is used by default.
    --os-disable-cert-verify
      use this option only if you set 'cert_verify' to False to disable
      verifying against system certificates for keystone.

  3) Options for Kubernetes VIM
    --k8s-token TOKEN
      bearer token.
    --k8s-use-cert
      use SSL CA cert.
    --k8s-helm-info
      configure VIM to use helm for v1 Tacker.
    --k8s-helm-info-ip K8S_MASTER_NODE_IP
      k8s master node IPs, such as '192.168.56.10,192.168.56.11'.
      can be used if --k8s-helm-info is specified, default value is '127.0.0.1'.
    --k8s-helm-info-user HELM_USER
      user to login through ssh to execute the CLI command of Helm.
      can be used if --k8s-helm-info is specified, default value is 'helm_user'.
    --k8s-helm-info-pass HELM_PASSWORD
      password of the user specified by --k8s-helm-info-user.
      can be used if --k8s-helm-info is specified, default value is 'helm_password'.
    --k8s-use-helm
      configure VIM to use helm for v2 Tacker.

OpenStack

以下是 OpenStack VIM 的配置示例,其中包含所有必需的参数。它取决于您之前创建的帐户信息,然后准备配置文件。

auth_url: 'http://127.0.0.1/identity'
username: 'nfv_user'
password: 'mySecretPW'
project_name: 'nfv'
project_domain_name: 'Default'
user_domain_name: 'Default'
cert_verify: 'True'

认证 URL

OpenStack 的端点 URL。

用户名

OpenStack VIM 的用户名。通常设置为 OS_USERNAME

密码

OpenStack VIM 的密码。通常设置为 OS_PASSWORD

项目域

项目域的名称,默认使用 OS_PROJECT_DOMAIN_ID 的值。

用户域

仅当您将 cert_verify 设置为 False 以禁用对系统证书的验证时才使用此选项。

证书验证

TrueFalse 用于激活 CERT 验证。

Kubernetes

您使用从 kubectl 命令检索的参数配置 Kubernetes VIM,如 Kubernetes VIM 安装 中所述。

1. 以下是使用服务帐户令牌的 Kubernetes VIM 配置示例。

auth_url: "https://192.168.33.100:6443"
project_name: "default"
bearer_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6IlBRVDgxQkV5VDNVR1M1WGEwUFYxSXFkZFhJWDYzNklvMEp2WklLMnNFdk0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi12cnpoaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImNhY2VmMzEzLTMzYjYtNDQ5MS1iMWUyLTg0NmQ2N2E0OTdkNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.R76VIWVZnQxa9NG02HIqux1xTJG4i7dkXsp52T4UU8bvNfsfi18kW_p3ZvaNTxw0yABBcmkYZoOBe4MNP5cTP6TtR_ERZoA5QCViasW_u36rSTBT0-MHRPbkXjJYetzYaFYUO-DlJd3194yOtVHtrxUd8D31qw0f1FlP8BHxblDjZkYlgYSjHCxcwEdwlnYaa0SiH2kl6_oCBRFg8cUfXDeTOmH9XEfdrJ6ubJ4OyqG6YjfiKDDiEHgIehy7s7vZGVwVIPy6EhT1YSOIhY5aF-G9nQSg-GK1V9LIq7petFoW_MIEt0yfNQVXy2D1tBhdJEa1bgtVsLmdlrNVf-m3uA"
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl
LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH
a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd
pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2
Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo
+aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ
0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy
TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p
YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz
InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU
BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln
YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K
rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB
2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY=
-----END CERTIFICATE-----"
type: "kubernetes"

2. 另一个使用 OpenID Connect 令牌的 Kubernetes VIM 配置示例。OpenID Connect 相关参数在 Kubernetes VIM OpenID 令牌身份验证使用指南 中描述。

auth_url: "https://192.168.33.100:6443"
project_name: "default"
oidc_token_url: "https://192.168.33.100:8443/realms/oidc/protocol/openid-connect/token"
client_id: "tacker"
client_secret: "A93HfOUpySm6BjPug9PJdJumjEGUJMhc"
username: "end-user"
password: "end-user"
ssl_ca_cert: "-----BEGIN CERTIFICATE-----
MIICwjCCAaqgAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdrdWJl
LWNhMB4XDTIwMDgyNjA5MzIzMVoXDTMwMDgyNDA5MzIzMVowEjEQMA4GA1UEAxMH
a3ViZS1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxkeE16lPAd
pfJj5GJMvZJFcX/CD6EB/LUoKwGmqVoOUQPd3b/NGy+qm+3bO9EU73epUPsVaWk2
Lr+Z1ua7u+iib/OMsfsSXMZ5OEPgd8ilrTGhXOH8jDkif9w1NtooJxYSRcHEwxVo
+aXdIJhqKdw16NVP/elS9KODFdRZDfQ6vU5oHSg3gO49kgv7CaxFdkF7QEHbchsJ
0S1nWMPAlUhA5b8IAx0+ecPlMYUGyGQIQgjgtHgeawJebH3PWy32UqfPhkLPzxsy
TSxk6akiXJTg6mYelscuxPLSe9UqNvHRIUoad3VnkF3+0CJ1z0qvfWIrzX3w92/p
YsDBZiP6vi8CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAIbv2ulEcQi019jKz4REy7ZyH8+ExIUBBuIz
InAkfxNNxV83GkdyA9amk+LDoF/IFLMltAMM4b033ZKO5RPrHoDKO+xCA0yegYqU
BViaUiEXIvi/CcDpT9uh2aNO8wX5T/B0WCLfWFyiK+rr9qcosFYxWSdU0kFeg+Ln
YAaeFY65ZWpCCyljGpr2Vv11MAq1Tws8rEs3rg601SdKhBmkgcTAcCzHWBXR1P8K
rfzd6h01HhIomWzM9xrP2/2KlYRvExDLpp9qwOdMSanrszPDuMs52okXgfWnEqlB
2ZrqgOcTmyFzFh9h2dj1DJWvCvExybRmzWK1e8JMzTb40MEApyY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIUQK2k5uNvlRLx43LI/t3a2/A/3iQwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0yMjA4MDQwNjIwNTFaFw0yMzA4
MDQwNjIwNTFaMBMxETAPBgNVBAMMCEtleWNsb2FrMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAni7HWLn2IpUImGO1sbBf/XuqATkXSeIIRuQuFymwYPoX
BP7RowzrbfF9KUwdIKlz9IXjqb1hplumiqNy1Sc7MmrTY9Fj87MNAMlnCIvyWkjE
XVXWxGef49mqc85P2K1iuAsr2R7sDrv7SC0ch+lHclOjGDmCjKOk8qF3kD1LATWg
zf42aXb4nNF9kyIOPEbI+jX4PWhAQpEz5nIG+xIRjTHGfacjpeg0+XOK21wLAuQB
fqebJ6GxX4OzB37ZtLLgrKyBYWaWuYkWbexVRM3wEvQu8ENkvhV017iPuPHSxNWx
Y8z072XMs9j8XRQD65EVqObXyizotPRJF4slEJ9qMQIDAQABozcwNTAJBgNVHRME
AjAAMAsGA1UdDwQEAwIF4DAbBgNVHREEFDAShwR/AAABhwTAqAIhhwQKCgCMMA0G
CSqGSIb3DQEBCwUAA4IBAQBebjmNHd8sJXjvPQc3uY/3KSDpk9AYfYzhUZvcvLNg
z0llFqXHaFlMqHTsz1tOH4Ns4PDKKoRT0JIKC1FkvjzqgL+X2jWFS0NRoNyd3W3B
yHLEL7MdQqDR+tZX02EGfaGXjuy8GHIU4J2hXhohmpn6ntfiRONfY8jaEjIecPFS
IwZWXNhsDESa1zuDe0PatES/Ati8bAUpN2rb/7rsE/AeM5GXpQfOKV0XxdIeBZ82
Vf5cUDWPipvq2Q9KS+yrTvEObGtA6gKhQ4bpz3MieU3N8AtQpEKtROH7mJWMHyl2
roD1k8KeJlfvR/XcVTGFcgIdNLfKIdd99Xfi4gSaIKuw
-----END CERTIFICATE-----"
type: "kubernetes"

认证 URL

Kubernetes 的端点 URL。

项目名称

项目的名称。

Bearer 令牌

访问 Kubernetes API 所需的 Bearer 令牌。

使用 SSL CA 证书

用于 X.509 客户端身份验证的 SSL CA 证书的值。它可以为 None。如果同时需要 Kubernetes 和 OpenID 提供商的 SSL 证书,则应使用换行符连接它们。

类型

VIM 的类型,显式指定为 kubernetes

OpenID 令牌 URL

OpenID 提供商的令牌端点 URL。

客户端 ID

依赖方(客户端)的名称。

客户端密钥

依赖方(客户端)的密钥。

用户名

端用户的名称。

密码

端用户的密码。