openstack-5computer(计算服务)
openstack-5computer(计算服务)
Compute service overview
nova 是 openstack 最早的组件之一,nova 分为控制节点和计算节点,计算节点通过 nova
computer 进行虚拟机创建,通过 libvirt 调用 kvm 创建虚拟机,nova 之间通信通过 rabbitMQ
队列进行通信,其组件和功能如下:
API:负责接收和响应外部请求。
Scheduler:负责调度虚拟机所在的物理机。
Conductor:计算节点访问数据库的中间件。
Consoleauth:用于控制台的授权认证。
Novncproxy:VNC 代理,用于显示虚拟机操作终端。
官 方 部 署 文 档 : https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/get-started-compute.html
Nova-API 的功能:
Nova-api 组件实现了 restful API 的功能,接收和响应来自最终用户的计算 API 请求,接收外
部的请求并通过 message queue 将请求发动给其他服务组件,同时也兼容 EC2 API,所以也
可以使用 EC2 的管理工具对 nova 进行日常管理。
nova scheduler:
nova scheduler 模块在 openstack 中的作用是决策虚拟机创建在哪个主机(计算节点)上。决
策一个虚拟机应该调度到某物理节点,需要分为两个步骤:
过滤(filter),过滤出可以创建虚拟机的主机
计算权值(weight),根据权重大进行分配,默认根据资源可用空间进行权重排序
安装并配置控制节点
先决条件
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'novapass';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'novapass';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'novapass';创建 nova 用户
[root@controller1 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 0a8f301960df4c76bea868524707efe8 |
| enabled | True |
| id | ed1cadb4e6bb472b9a5dd331c449d993 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+给 nova 用户添加 admin 角色
openstack role add --project service --user nova admin创建 nova 服务并注册
创建 nova 服务
[root@controller1 ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | d60f94f3e6fe4b5d9205d159a66631c7 |
| name | nova |
| type | compute |
+-------------+----------------------------------+创建公共端点
[root@controller1 ~]# openstack endpoint create --region RegionOne compute public http://192.168.10.233:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5c36c94914ea460694609149a3ad3667 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d60f94f3e6fe4b5d9205d159a66631c7 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.10.233:8774/v2.1 |
+--------------+----------------------------------+创建私有端点
[root@controller1 ~]# openstack endpoint create --region RegionOne compute internal http://192.168.10.233:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 61bdc8e2d3934920b28323ff60cbad97 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d60f94f3e6fe4b5d9205d159a66631c7 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.10.233:8774/v2.1 |
+--------------+----------------------------------+创建管理端点
[root@controller1 ~]# openstack endpoint create --region RegionOne compute admin http://192.168.10.233:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4ff439ff3feb41cbb63cc6d78f29901e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d60f94f3e6fe4b5d9205d159a66631c7 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.10.233:8774/v2.1 |
+--------------+----------------------------------+创建一个Placement服务用户
[root@controller1 ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 0a8f301960df4c76bea868524707efe8 |
| enabled | True |
| id | b89dd2bfd4a3413aa30889080fdbbf83 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+使用admin角色将Placement用户添加到服务项目:
openstack role add --project service --user placement admin在服务目录中创建Placement APl条目:
openstack service create --name placement --description "Placement API" placement创建Placement APl服务端点
openstack endpoint create --region RegionOne placement public http://192.168.10.233:8778
openstack endpoint create --region RegionOne placement internal http://192.168.10.233:8778
openstack endpoint create --region RegionOne placement admin http://192.168.10.233:8778查看
[root@controller1 ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 7903947d3df2430a9de170282b17a123 | glance |
| b89dd2bfd4a3413aa30889080fdbbf83 | placement |
| ed1cadb4e6bb472b9a5dd331c449d993 | nova |
| f7e61b8a40b7490694e8082dc6ecf9bc | admin |
+----------------------------------+-----------+
[root@controller1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 11f7dc0b9df1443ab4a2ed688b10926f | admin |
+----------------------------------+-------+
[root@controller1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 1d282d7b7b57405a98aac596f42f173d | glance | image |
| 88ae0d08128842279750cdc3dfb00cff | keystone | identity |
| d60f94f3e6fe4b5d9205d159a66631c7 | nova | compute |
| ec224c7267c844d5a0404f2b5444a0d0 | placement | placement |
+----------------------------------+-----------+-----------+
[root@controller1 ~]# openstack endpoint list
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 36d59ff6ca284344bfa4990d5c7bc | RegionOne | glance | image | True | admin | http://192.168.10.233:9292 |
| 071 | | | | | | |
| 3d1bc5df827c48de9df3772ae00da | RegionOne | glance | image | True | public | http://192.168.10.233:9292 |
| cf4 | | | | | | |
| 4862d7d814f04fc08b0d5c5073a12 | RegionOne | keystone | identity | True | admin | http://192.168.10.233:35357/v3 |
| 09a | | | | | | |
| 4ff439ff3feb41cbb63cc6d78f299 | RegionOne | nova | compute | True | admin | http://192.168.10.233:8774/v2. |
| 01e | | | | | | 1 |
| 5c36c94914ea460694609149a3ad3 | RegionOne | nova | compute | True | public | http://192.168.10.233:8774/v2. |
| 667 | | | | | | 1 |
| 61bdc8e2d3934920b28323ff60cba | RegionOne | nova | compute | True | internal | http://192.168.10.233:8774/v2. |
| d97 | | | | | | 1 |
| 6b6ecf1ca488400784b0f9e35f5c4 | RegionOne | keystone | identity | True | internal | http://192.168.10.233:5000/v3 |
| b7e | | | | | | |
| c19451bc06ff4852b148fa70cd1cc | RegionOne | placement | placement | True | internal | http://192.168.10.233:8778 |
| 79b | | | | | | |
| c433b9336e35442a935f49f93544b | RegionOne | placement | placement | True | admin | http://192.168.10.233:8778 |
| 113 | | | | | | |
| dc9f039ed9ec4ed286b76ddf7ebb8 | RegionOne | glance | image | True | internal | http://192.168.10.233:9292 |
| a81 | | | | | | |
| e0ecf07f27494ac1b1fadc11e1162 | RegionOne | keystone | identity | True | public | http://192.168.10.233:5000/v3 |
| b53 | | | | | | |
| ef3a7de574354f2da2f6d2eaaf17a | RegionOne | placement | placement | True | public | http://192.168.10.233:8778 |
| 7b9 | | | | | | |
+-------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
[root@controller1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 14c7c0b953754e0d9f30d4973e3e369d | admin |
| ff71bd18ddc842599845c08a7ef7fbca | service |
+----------------------------------+---------+安全并配置组件
安装软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api编辑/etc/nova/nova.conf文件并完成下面的操作:
在[DEFAULT]部分,只启用计算和元数据API:
[DEFAULT]
enabled_apis = osapi_compute,metadata在[api_database]和[database]部分,配置数据库的连接:
[api_database]
connection = mysql+pymysql://nova:novapass@192.168.10.233/nova_api
[database]
connection = mysql+pymysql://nova:novapass@192.168.10.233/nova在[DEFAULT]部分,配置RabbitMQ消息队列访问权限:
[DEFAULT]
transport_url = rabbit://openstack:openstackpass@192.168.10.233在[api]和[keystone-authtoken]部分中,配置身份服务访问:
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova在 [DEFAULT] 部分,配置my_ip 来使用控制节点的管理接口的IP 地址。
[DEFAULT]
my_ip = 192.168.10.201在 [DEFAULT]部分,启用网络服务支持:
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver默认情况下,计算服务使用内置的防火墙服务。由于网络服务包含了防火墙服务,你必须使用nova.virt.firewall.NoopFirewallDriver防火墙服务来禁用掉计算服务内置的防火墙服务
在[vnc]部分,配置VNC代理使用控制节点的管理接口IP地址 :
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip在 [glance] 区域,配置镜像服务 API 的位置:
[glance]
api_servers = http://192.168.10.233:9292在 [oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp在[placement]部分中,配置Placement API:
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.10.233:35357/v3
username = placement
password = placement由于 packaging bug 打包错误,您必须通过添加以下配置来启用对Placement API的访问
/etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>重新httpd服务
systemctl restart httpd填充nova-api数据库:
su -s /bin/sh -c "nova-manage api_db sync" nova注册cell0数据库:
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova创建cell1单元格:
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
29f2d858-08b5-41d9-9545-77cfe7704818填充新星数据库:
su -s /bin/sh -c "nova-manage db sync" nova确认nova cel10和cel11已正确注册:
[root@controller1 ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |
| cell1 | 29f2d858-08b5-41d9-9545-77cfe7704818 |
+-------+--------------------------------------+完成安装
启动 Compute 服务并将其设置为随系统启动:
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service[root@controller1 ~]# nova service-list
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-scheduler | controller1 | internal | enabled | up | 2019-09-11T05:29:28.000000 | - |
| 2 | nova-consoleauth | controller1 | internal | enabled | up | 2019-09-11T05:29:28.000000 | - |
| 3 | nova-conductor | controller1 | internal | enabled | up | 2019-09-11T05:29:28.000000 | - |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+安装和配置计算节点
yum install openstack-nova-compute安全并配置组件部署 nova 计算节点
编辑/etc/nova/nova.conf文件并完成下面的操作:
在[DEFAULT]部分,只启用计算和元数据API:
[DEFAULT]
enabled_apis = osapi_compute,metadata在[DEFAULT]部分,配置RabbitMQ消息队列访问权限:
[DEFAULT]
transport_url = rabbit://openstack:openstackpass@192.168.10.233用你在 “RabbitMQ” 中为 “openstack” 选择的密码替换 “RABBIT_PASS”。
在 [api_database] 和 [database] 部分,配置数据库的连接:
[api_database]
connection = mysql+pymysql://nova:novapass@192.168.10.233/nova_api
[database]
connection = mysql+pymysql://nova:novapass@192.168.10.233/nova在[api]和[keystone_authtoken]部分中,配置身份服务访问:
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://192.168.10.233:5000
auth_url = http://192.168.10.233:35357
memcached_servers = 192.168.10.233:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova使用你在身份认证服务中设置的nova 用户的密码替换NOVA_PASS。
在 [DEFAULT] 部分,配置 my_ip 选项:
[DEFAULT]
my_ip = 192.168.10.203将其中的 MANAGEMENT_INTERFACE_IP_ADDRESS 替换为计算节点上的管理网络接口的IP 地址,例如 :ref:example architecture <overview-example-architectures>中所示的第一个节点 10.0.0.31 。
在 [DEFAULT]部分,启用网络服务支持:
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver缺省情况下,Compute 使用内置的防火墙服务。由于 Networking 包含了防火墙服务,所以你必须通过使用 nova.virt.firewall.NoopFirewallDriver 来去除 Compute 内置的防火墙服务。
在[vnc]部分,启用并配置远程控制台访问:
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.10.233:6080/vnc_auto.html服务器组件监听所有的 IP 地址,而代理组件仅仅监听计算节点管理网络接口的 IP 地址。基本的 URL 指示您可以使用 web 浏览器访问位于该计算节点上实例的远程控制台的位置。
如果你运行浏览器的主机无法解析192.168.10.233 主机名,你可以将 192.168.10.233替换为你控制节点管理网络的IP地址。
在 [glance] 区域,配置镜像服务 API 的位置:
[glance]
api_servers = http://192.168.10.233:9292
在 [oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp在[placement]部分中,配置Placement API:
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.10.233:35357/v3
username = placement
password = placement完成安装
确认计算节点是否支持硬件加速:
egrep -c '(vmx|svm)' /proc/cpuinfo如果这个命令返回了 one or greater 的值,那么你的计算节点支持硬件加速且不需要额外的配置。
如果这个命令返回了 zero 值,那么你的计算节点不支持硬件加速。你必须配置 libvirt 来使用 QEMU 去代替 KVM
在 /etc/nova/nova.conf 文件的 [libvirt] 区域做出如下的编辑:
[libvirt]
virt_type = qemu启动 nova 计算服务并设置为开机启动:
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service主动发现计算节点:
#使用命令发现:
source admin-openstack.sh
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
[root@controller1 ~]# openstack hypervisor list
+----+---------------------+-----------------+----------------+-------+
| ID | Hypervisor Hostname | Hypervisor Type | Host IP | State |
+----+---------------------+-----------------+----------------+-------+
| 1 | computer1 | QEMU | 192.168.10.203 | up |
+----+---------------------+-----------------+----------------+-------+如果还看不到计算节点
nova-status upgrade check
nova-manage cell_v2 simple_cell_setup
openstack hypervisor list添加新计算节点时,必须运行nova-manage cell_v2 discover_hosts
在控制器节点上注册那些新的计算节点。或者,您可以在中设置适当的间隔/etc/nova/nova.conf
#定期主动发现:
[scheduler]
discover_hosts_in_cells_interval = 300修改完配置重新服务
systemctl restart openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service验证操作
验证计算节点:
[root@controller1 ~]# nova host-list
+-------------+-------------+----------+
| host_name | service | zone |
+-------------+-------------+----------+
| controller1 | scheduler | internal |
| controller1 | consoleauth | internal |
| controller1 | conductor | internal |
| computer1 | compute | nova |
+-------------+-------------+----------+列出服务组件,以验证是否成功启动并注册了每个进程
[root@controller1 ~]# nova service-list
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-scheduler | controller1 | internal | enabled | up | 2019-09-11T06:08:19.000000 | - |
| 2 | nova-consoleauth | controller1 | internal | enabled | up | 2019-09-11T06:08:19.000000 | - |
| 3 | nova-conductor | controller1 | internal | enabled | up | 2019-09-11T06:08:20.000000 | - |
| 8 | nova-compute | computer1 | nova | enabled | up | 2019-09-11T06:08:21.000000 | - |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+#列出 keystone 服务中的端点,以验证 keystone 的连通性。
[root@controller1 ~]# openstack catalog list
+-----------+-----------+---------------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+---------------------------------------------+
| glance | image | RegionOne |
| | | admin: http://192.168.10.233:9292 |
| | | RegionOne |
| | | public: http://192.168.10.233:9292 |
| | | RegionOne |
| | | internal: http://192.168.10.233:9292 |
| | | |
| keystone | identity | RegionOne |
| | | admin: http://192.168.10.233:35357/v3 |
| | | RegionOne |
| | | internal: http://192.168.10.233:5000/v3 |
| | | RegionOne |
| | | public: http://192.168.10.233:5000/v3 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://192.168.10.233:8774/v2.1 |
| | | RegionOne |
| | | public: http://192.168.10.233:8774/v2.1 |
| | | RegionOne |
| | | internal: http://192.168.10.233:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | internal: http://192.168.10.233:8778 |
| | | RegionOne |
| | | admin: http://192.168.10.233:8778 |
| | | RegionOne |
| | | public: http://192.168.10.233:8778 |
| | | |
+-----------+-----------+---------------------------------------------+列出Image服务中的图像以验证与Image服务的连接:
[root@controller1 ~]# nova image-list
WARNING: Command image-list is deprecated and will be removed after Nova 15.0.0 is released. Use python-glanceclient or openstackclient instead
+--------------------------------------+--------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros | ACTIVE | |
+--------------------------------------+--------+--------+--------+
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cac9811d-6590-4648-b1a0-6eda2e8e799e | cirros | active |
+--------------------------------------+--------+--------+列出服务组件是否成功注册
[root@controller1 ~]# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
| 1 | nova-scheduler | controller1 | internal | enabled | up | 2019-09-11T06:09:49.000000 |
| 2 | nova-consoleauth | controller1 | internal | enabled | up | 2019-09-11T06:09:49.000000 |
| 3 | nova-conductor | controller1 | internal | enabled | up | 2019-09-11T06:09:50.000000 |
| 8 | nova-compute | computer1 | nova | enabled | up | 2019-09-11T06:09:51.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+检查 cells 和 placement API 是否工作正常
[root@controller1 ~]# nova-status upgrade check
+---------------------------+
| Upgrade Check Results |
+---------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+---------------------------+如果出现重复的节点请参考
https://blog.csdn.net/ai74le/article/details/88293965
