介绍OpenStack组件之一nova
介绍nova
- 计算服务是openstack最核心的服务之一 , 负责维护和管理云环境的计算资源,它在openstack项目中代号是nova。
- Nova需要keystone、glance、 neutron、 cinder和swift等其他服务的支持, 能与这些服务集成,实现如加密磁盘、裸金属计算实例等。会和其他外部组件集成,共同完成请求
- Nova自身并没有提供任何虚拟化能力,它提供计算服务,使用不同的虚拟化驱动来与底层支持的Hypervisor (虚拟机管理器)进行交互。所有的计算实例(虚拟服务器)由Nova进行生命周期的调度管理(启动、挂起、停止、删除等),全局来看,nova为整个架构提供虚拟化资源、技术,服务层面来看,nova本身并不具备虚拟化能力,而是通过compute组件与虚拟化管理工具交互实现虚拟资源调度。
nova架构
- DB:用于数据存储的sql数据库,存放各组件的工作过程信息,后端裸金属实际的使用资源信息
- API:用于接收HTTP请求、转换命令、通过消息队列或HTTP与其他组件通信
- Scheduler:用于决定哪台计算节点承载计算实例,相当于nova的调度器
- Network:管理IP转发,网桥或虚拟局域网,是一个网络组件
- Compute:管理虚拟机管理器(VMM)与虚拟机之间通信,与hypervisor交互实现虚拟化调用底层硬件资源,计算组件
- Conductor:处理需要协调的的请求(构建虚拟机或调整虚拟机大小的请求),或者处理对象转换
nova中各个组件介绍
API
- 是客户端访问nova的http接口,它由nova-api服务实现,nova-api服务接收和响应来自最终用户的计算api请求,作为openstack对外服务的最主要接口,nova提供了一个集中的可以查询所有api的端点,以便自己平台内部和其他云平台的调用。
- 最终用户不会直接改送RESTful API 请求,而是通过openstack命令行,horison控制面板和其他需要跟nova交换 的组件来使用这些API。
- 所有对nova的请求都首先由nova-api处理,API提供REST标准调用服务,便于与第三方系统集成(其他云平台)。它是外部访问并使用nova提供的各种服务的唯一途径,也是客户端和nova之间的中间件。
- Nova-api对接收到的HTTP API请求做以下处理:
①检查客户端传入的参数是否合法有效(而不止是进行认证)
②调用nova其他服务来处理客户端HTTP请求
③格式化nova其他子服务返回的结果,并返回给客户端
Scheduler(调度器)
调度器的类型
- 随机调度器:从所有正常运行nova-compute服务的节点中随机选择
- 缓存调度器:是随机调度器的一种特殊类型,在随机调度器的基础上,将主机资源信息缓存在本地内存中,然后通过后台的定时任务,定时从数据库中获取最新的主机资源信息,周期性同步而不是实时获取主机资源信息。
- 过滤器调度器:根据指定的过滤条件以及权重选择最佳的计算节点,又称为筛选器。
其中过滤器调度器的调度过程是
①通过指定的过滤器选择满足条件的计算节点,比如内存使用率,可以使用多个过滤器依次进行过滤。也就是预选
②对过滤之后的主机列表进行权重计算并排序,选择最优的计算节点来创建虚拟机实例。也就是优选
过滤器的类型
- RamFilter(内存过滤器)
根据可用内存来调度虚拟机创建,将不能满足实例类型内存需求的计算节点过滤掉,但为了提高系统资源利用率, Openstack在计算节点的可用内存允许超过实际内存大小,可临时突破上限,超过的程度是通过nova.conf配置文件中ram_ allocation_ ratio参数来控制的, 默认值是1.5。(但这只是临时的)
Vi /etc/nova/nova . conf
Ram_ allocation_ ratio=1 .5 - DiskFilter(硬盘过滤器)
根据磁盘空间来调度虚拟机创建,将不能满足类型磁盘需求的计算节点过滤掉。磁盘同样允许超量,超量值可修改nova.conf中disk_ allocation_ ratio参数控制,默认值是1.0,(也是临时的)
Vi /etc/nova/nova.conf
disk_ allocation_ ratio=1.0 - CoreFilter(核心过滤器)
根据可用CPU核心来调度虚拟机创建,将不能满足实例类型vCPU需求的计算节点过滤掉。vCPU也允许超量,超量值是通过修改nova.conf中cpu_ allocation_ratio参数控制,默认值是16。
Vi /etc/nova/nova. conf
cpu_allocation_ ratio=16.0 - RetryFilter(再审过滤器)
主要作用是过滤掉之前已经调度过的节点(类比污点)。如A、B、C都通过了过滤,A权重最大被选中执行操作,由于某种原因,操作在A上失败了。Nova-filter 将重新执行过滤操作,再审过滤器直接过滤掉A,以免再次失败。 - AvailabilityZoneFilter(可用区域过滤器)
主要作用是提供容灾性,并提供隔离服务,可以将计算节点划分到不同的可用区域中。Openstack默认有一个命名为nova的可用区域,所有计算节点一开始都在其中。用户可以根据需要创建自己的一个可用区域。创建实例时,需要指定将实例部署在那个可用区域中。通过可用区过滤器,将不属于指定可用区的计算节点过滤掉。 - ComputeFilter(计算过滤器)
保证只有nova-compute服务正常工作的计算节点才能被nova-scheduler调度,它是必选的过滤器。 - ComputeCapabilitiesFilter(计算能力过滤器)
根据计算节点的特性来过了,如不同的架构。 - ImagePropertiesFilter(镜像属性过滤器)
根据所选镜像的属性来筛选匹配的计算节点,通过元数据来指定其属性。如希望镜像只运行在KVM的Hypervisor上,可以通过Hypervisor Type属性来指定。 - 服务器组反亲和性过滤器
要求尽量将实例分散部署到不同的节点上,设置一个服务器组,组内的实例会通过此过滤器部署到不同的计算节点。适用于需要分开部署的实例。 - 服务器组亲和性过滤器
此服务器组内的实例,会通过此过滤器,被部署在同一计算节点上,适用于需要位于相同节点的实例服务。
权重
- 在对计算节点进行过滤时,多个过滤器依次进行过滤,而不是并行,相当于一个个预选,避免重复对同一个节点进行所有过滤项检验。过滤之后的节点再通过计算权重进行排序。
- 所有权重位于nova/scheduler/weights 目录下,目前默认是RAMweighter,根据计算节点空闲的内存计算权重,内存空闲越多权重越大,计算节点按照内存空闲进行排序。
compute计算组件
- Nova-compute在计算节点上运行,负责管理节点上的实例。通常一个主机运行一 个Nova-compute服务, 一个实例部署在哪个可用的主机上取决于调度算法。OpenStack对实例的操作最后都是提交给Nova-compute来完成。
- Nova-compute可分为两类,一类是定向openstack报告计算节点的状态,另一类是实现实例生命周期的管理。
conductor协调组件
- 以前对资源的管理全部由计算节点承担,在统计资源使用情况时,只是简单的将所有计算节点的资源情况累加起来,但是系统中还存在外部资源,这些资源由外部系统提供。如ceph、nfs等提供的存储资源等。
面对多种多样的资源提供者,管理员需要统一的、简单的管理接口来统计系统中资源使用情况,这个接口就是Placement API。 - PlacementAPI由nova-placement-api服务来实现, 旨在追踪记录资源提供者的目录和资源使用情况。被消费的资源类型是按类进行跟踪的。 如计算节点类、共享存储池类、IP地址类等。
nova组件部署
- 部署nova之前需要先部署placement组件
placement组件部署
- 进入数据库创建placement库,并给placement用户提权,然后刷新权限
[root@ct ~]# mysql -uroot -pabc123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
- 创建Placement服务用户和API的位置点
[root@ct ~]# openstack user create --domain default --password PLACEMENT_PASS placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1690c95003064ddeb1c78868f870b64c |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- 给与placement用户对service项目拥有admin权限
[root@ct ~]# openstack role add --project service --user placement admin
- 创建一个placement服务,服务类型为placement
[root@ct ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 65d971566cf54c46a0e124e0a29fddc5 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
- 注册API端口到placement的service中,注册的信息会写入到mysql中
[root@ct ~]# openstack endpoint create --region RegionOne placement public http://ct:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ef8a46421e144bb681fcfb5c24fab798 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 65d971566cf54c46a0e124e0a29fddc5 |
| service_name | placement |
| service_type | placement |
| url | http://ct:8778 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne placement internal http://ct:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f13459fb87d64ae096ee1b776ee8cfb5 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 65d971566cf54c46a0e124e0a29fddc5 |
| service_name | placement |
| service_type | placement |
| url | http://ct:8778 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne placement admin http://ct:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9831f2d1a7e84288b009f7e1be1fead2 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 65d971566cf54c46a0e124e0a29fddc5 |
| service_name | placement |
| service_type | placement |
| url | http://ct:8778 |
+--------------+----------------------------------+
- 安装placement服务
yum -y install openstack-placement-api
- 修改placement配置文件,先备份,然后复制模块到conf中并传递参数
[root@ct ~]# cp /etc/placement/placement.conf{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/placement/placement.conf.bak > /etc/placement/placement.conf
[root@ct ~]# cat /etc/placement/placement.conf
[DEFAULT]
[api]
[cors]
[keystone_authtoken]
[oslo_policy]
[placement]
[placement_database]
[profiler]
[root@ct ~]# openstack-config --set /etc/placement/placement.conf api auth_strategy keystone
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_url http://ct:5000/v3
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken memcached_servers ct:11211
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_type password
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken project_name service
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken username placement
[root@ct ~]# openstack-config --set /etc/placement/placement.conf keystone_authtoken password PLACEMENT_PASS
[root@ct ~]# cat /etc/placement/placement.conf
[DEFAULT]
[api]
auth_strategy = keystone //认证方式
[cors]
[keystone_authtoken]
auth_url = http://ct:5000/v3 //指定keystone地址
memcached_servers = ct:11211 //session信息是缓存放到了memcached中
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
[oslo_policy]
[placement]
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement //数据库连接位置
[profiler]
- 然后导入数据库
[root@ct ~]# su -s /bin/sh -c "placement-manage db sync" placement
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
- 修改Apache配置文件,虚拟主机的配置,然后重启httpd
[root@ct conf.d]# pwd
/etc/httpd/conf.d
[root@ct conf.d]# ls
00-placement-api.conf autoindex.conf README userdir.conf welcome.conf wsgi-keystone.conf
[root@ct conf.d]# vim 00-placement-api.conf
Listen 8778
<VirtualHost *:8778>
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess placement-api processes=3 threads=1 user=placement group=placement
WSGIScriptAlias / /usr/bin/placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/placement/placement-api.log
#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>
Alias /placement-api /usr/bin/placement-api
<Location /placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
<Directory /usr/bin> //添加下面的配置来启用对placement api的访问,否则在访问apache的api时会报403,添加在文件的最后即可
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4> //apache版本,允许apache访问/usr/bin目录;否则/usr/bin/placement-api将不允许被访问
Order allow,deny
Allow from all //允许apache访问
</IfVersion>
</Directory>
[root@ct conf.d]# systemctl restart httpd
- 测试访问
[root@ct conf.d]# curl ct:8778
{"versions": [{"status": "CURRENT", "min_version": "1.0", "max_version": "1.36", "id": "v1.0", "links": [{"href": "", "rel": "self"}]}]}
- 查看端口占用
[root@ct conf.d]# netstat -natp | grep 8778
tcp 0 0 192.168.100.1:35024 192.168.100.1:8778 TIME_WAIT -
tcp6 0 0 :::8778 :::* LISTEN 50923/httpd
- 检查placement状态
[root@ct conf.d]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
nova组件部署
在ct节点上部署
- 创建nova数据库,并执行授权操作
[root@ct conf.d]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
- 然后把nova用户添加到service项目,拥有admin权限
[root@ct conf.d]# openstack user create --domain default --password NOVA_PASS nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 6a19295f2d25412f8a96d357d0d42f34 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- 创建nova服务
[root@ct conf.d]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 9be84ebb8de74de7bd8d5d3905ea7990 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
- 给Nova服务关联位置点
[root@ct conf.d]# openstack endpoint create --region RegionOne compute public http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fe6b4fdf11354897a8d948ed80bfe4c8 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9be84ebb8de74de7bd8d5d3905ea7990 |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
[root@ct conf.d]# openstack endpoint create --region RegionOne compute internal http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 529b25db916a452c8c2bc793762e3d8b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9be84ebb8de74de7bd8d5d3905ea7990 |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
[root@ct conf.d]# openstack endpoint create --region RegionOne compute admin http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f06e018c01e04946a0f4322f6fb55417 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9be84ebb8de74de7bd8d5d3905ea7990 |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
- 安装nova组件
[root@ct conf.d]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
- 修改nova配置文件,将模块复制到conf中
[root@ct conf.d]# cp -a /etc/nova/nova.conf{,.bak}
[root@ct conf.d]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@ct conf.d]# cat /etc/nova/nova.conf
[DEFAULT]
[api]
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
- 然后传递参数
root@ct conf.d]# openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf vnc enabled true
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf vnc server_listen ' $my_ip'
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement project_name service
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement auth_type password
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement username placement
[root@ct conf.d]# openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
[root@ct conf.d]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata //指定支持的api类型
my_ip = 192.168.100.1 //定义本地IP
use_neutron = true //通过neutron获取IP地址
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@ct //指定连接的rabbitmq
[api]
auth_strategy = keystone //指定使用keystone认证
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken] //配置keystone的认证信息
auth_url = http://ct:5000/v3 //到此url去认证
memcached_servers = ct:11211 //memcache数据库地址:端口
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency] //指定锁路径,锁的作用是创建虚拟机时,在执行某个操作的时候,需要等此步骤执行完后才能执行下一个步骤,不能并行执行,保证操作是一步一步的执行
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc] //此处如果配置不正确,则连接不上虚拟机的控制台
enabled = true
server_listen = $my_ip //指定vnc的监听地址
server_proxyclient_address = $my_ip //server的客户端地址为本机地址;此地址是管理网的地址
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
- 初始化nova_api数据库
[root@ct conf.d]# su -s /bin/sh -c "nova-manage api_db sync" nova
- 注册cell0数据库,nova服务内部把资源划分到不同的cell中,把计算节点划分到不同的cell中,openstack内部基于cell把计算节点进行逻辑上的分组
[root@ct conf.d]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
- 创建cell1单元格
[root@ct conf.d]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
4879fc78-e343-43bd-9934-4735cf89f70a
- 初始化nova数据库;可以通过 /var/log/nova/nova-manage.log 日志判断是否初始化成功
[root@ct conf.d]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
- 可使用以下命令验证cell0和cell1是否注册成功
[root@ct conf.d]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
| 名称 | UUID | Transport URL | 数据库连接 | Disabled |
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@ct/nova_cell0 | False |
| cell1 | 4879fc78-e343-43bd-9934-4735cf89f70a | rabbit://openstack:****@ct | mysql+pymysql://nova:****@ct/nova | False |
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
- 启动Nova服务
[root@ct conf.d]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@ct conf.d]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- 检查nova服务端口
[root@ct conf.d]# netstat -tnlup|egrep '8774|8775'
tcp 0 0 0.0.0.0:8775 0.0.0.0:* LISTEN 52651/python2
tcp 0 0 0.0.0.0:8774 0.0.0.0:* LISTEN 52651/python2
[root@ct conf.d]# curl http://ct:8774
{"versions": [{"status": "SUPPORTED", "updated": "2011-01-21T11:33:21Z", "links": [{"href": "http://ct:8774/v2/", "rel": "self"}], "min_version": "", "version": "", "id": "v2.0"}, {"status": "CURRENT", "updated": "2013-07-23T11:33:21Z", "links": [{"href": "http://ct:8774/v2.1/", "rel": "self"}], "min_version": "2.1", "version": "2.79", "id": "v2.1"}]}
在c1,c2节点上部署
- 安装nova-compute组件
[root@c1 ~]# yum -y install openstack-nova-compute
[root@c2 ~]# yum -y install openstack-nova-compute
- 并修改nova配置,传递参数,在c1上
[root@c1 ~]# cp -a /etc/nova/nova.conf{,.bak}
[root@c1 ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
[root@c1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.2
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.100.1:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
[root@c1 ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@ct
my_ip = 192.168.100.2
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://ct:5000/v3
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.100.1:6080/vnc_auto.html //需要手动添加IP地址,否则之后搭建成功后,无法通过UI控制台访问到内部虚拟机
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
- 在c2上同样操作,换个ip即可
[root@c2 ~]# cp -a /etc/nova/nova.conf{,.bak}
[root@c2 ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@c2 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
[root@c2 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
[root@c2 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.3
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.100.1:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
[root@c2 ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@ct
my_ip = 192.168.100.3
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://ct:5000/v3
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.100.1:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
- 然后开启服务
[root@c1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@c1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
[root@c2 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@c2 ~]# systemctl start libvirtd.service openstack-nova-compute.service
在ct节点上
- 查看compute节点是否注册到controller上,通过消息队列,需要在controller节点执行
[root@ct conf.d]# openstack compute service list --service nova-compute
+----+--------------+------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+------+------+---------+-------+----------------------------+
| 6 | nova-compute | c2 | nova | enabled | up | 2021-08-29T13:20:56.000000 |
| 7 | nova-compute | c1 | nova | enabled | up | 2021-08-29T13:20:48.000000 |
+----+--------------+------+------+---------+-------+----------------------------+
- 扫描当前openstack中有哪些计算节点可用,发现后会把计算节点创建到cell中,后面就可以在cell中创建虚拟机,相当于openstack内部对计算节点进行分组,把计算节点分配到不同的cell中
[root@ct conf.d]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': f86e7ed4-b923-4480-8d04-2475a34036ba
Checking host mapping for compute host 'c2': 0e1df2b3-1947-4fce-81a8-458049ea2dd3
Creating host mapping for compute host 'c2': 0e1df2b3-1947-4fce-81a8-458049ea2dd3
Checking host mapping for compute host 'c1': eb7809b6-5f49-4bee-832f-58c677c9a41b
Creating host mapping for compute host 'c1': eb7809b6-5f49-4bee-832f-58c677c9a41b
Found 2 unmapped computes in cell: f86e7ed4-b923-4480-8d04-2475a34036ba
- 默认每次添加个计算节点,在控制端就需要执行一次扫描,这样会很麻烦,所以可以修改控制端nova的主配置文件
[root@ct conf.d]# vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300 //每300秒扫描一次
[root@ct conf.d]# systemctl restart openstack-nova-api.service
- 验证计算节点服务,检查 nova 的各个服务是否都是正常,以及 compute 服务是否注册成功
[root@ct conf.d]# openstack compute service list
+----+----------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------+----------+---------+-------+----------------------------+
| 3 | nova-scheduler | ct | internal | enabled | up | 2021-08-29T13:25:01.000000 |
| 5 | nova-conductor | ct | internal | enabled | up | 2021-08-29T13:25:02.000000 |
| 6 | nova-compute | c2 | nova | enabled | up | 2021-08-29T13:25:06.000000 |
| 7 | nova-compute | c1 | nova | enabled | up | 2021-08-29T13:25:07.000000 |
+----+----------------+------+----------+---------+-------+----------------------------+
- 查看各个组件的 api 是否正常
[root@ct conf.d]# openstack catalog list
+-----------+-----------+---------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+---------------------------------+
| nova | compute | RegionOne |
| | | public: http://ct:8774/v2.1 |
| | | RegionOne |
| | | admin: http://ct:8774/v2.1 |
| | | RegionOne |
| | | internal: http://ct:8774/v2.1 |
| | | |
| keystone | identity | RegionOne |
| | | admin: http://ct:5000/v3/ |
| | | RegionOne |
| | | internal: http://ct:5000/v3/ |
| | | RegionOne |
| | | public: http://ct:5000/v3/ |
| | | |
| placement | placement | RegionOne |
| | | internal: http://ct:8778 |
| | | RegionOne |
| | | public: http://ct:8778 |
| | | RegionOne |
| | | admin: http://ct:8778 |
| | | |
| glance | image | RegionOne |
| | | public: http://ct:9292 |
| | | RegionOne |
| | | internal: http://ct:9292 |
| | | RegionOne |
| | | admin: http://ct:9292 |
| | | |
+-----------+-----------+---------------------------------+
- 查看是否能够拿到镜像
[root@ct conf.d]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 4df06b9e-187b-4a28-a21a-823f3dbd1b13 | cirros | active |
+--------------------------------------+--------+--------+
- 查看cell的api和placement的api是否正常,只要其中一个有误,后期无法创建虚拟机
[root@ct conf.d]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
小结
Placement提供了placement-apiWSGI脚本,用于与Apache,nginx或其他支持WSGI的Web服务器一起运行服务
- 需修改的配置文件:
① placement.conf
主要修改思路:
Keystone认证相关(url、HOST:PORT、域、账号密码等)
对接数据库(位置)
② 00-placement-api.conf
主要修改思路(虚拟主机):
Apache权限、访问控制
Nova分为控制节点、计算节点
- Nova组件核心功能是调度资源,在配置文件中需要体现的部分:指向认证节点位置(URL、ENDPOINT)、调用服务、注册、提供支持等
版权声明:本文为qq_41257472原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。