安装OpenStack计算服务nova
一、计算服务nova的介绍
1. 计算服务nova概览
使用OpenStack计算服务来托管和管理云计算系统。OpenStack计算服务是基础设施即服务(IaaS)系统的主要部分,模块主要由Python实现。
OpenStack计算组件请求OpenStack Identity服务进行认证;请求OpenStack Image服务提供磁盘镜像;为OpenStack dashboard提供用户与管理员接口。磁盘镜像访问限制在项目与用户上;配额以每个项目进行设定(例如,每个项目下可以创建多少实例)。OpenStack组件可以在标准硬件上水平大规模扩展,并且下载磁盘镜像启动虚拟机实例。
2. OpenStack计算服务由下列组件所构成
1)nova-api 服务
接收和响应来自最终用户的计算API请求,管理虚拟机(云主机)生命周期。
2)nova-api-metadata 服务
接受来自虚拟机发送的元数据请求。nova-api-metadata服务一般在安装nova-network服务的多主机模式下使用。
3)nova-compute服务
一个持续工作的守护进程,通过Hypervior的API来创建和销毁虚拟机实例,真正管理虚拟机的生命周期。
4)nova-scheduler 服务
拿到一个来自队列请求虚拟机实例,然后决定那台计算服务器主机来运行它。即nova调度器(挑选出最合适的nova-compute来创建虚机)
5)nova-conductor模块
媒介作用于nova-compute服务与数据库之间。它排除了由nova-compute服务对云数据库的直接访问。nova-conductor模块可以水平扩展。但是,不要将它部署在运行nova-compute服务的主机节点上。
6)nova-network worker 守护进程
与nova-compute服务类似,从队列中接受网络任务,并且操作网络。执行任务。例如创建桥接的接口或者改变IPtables的规则。
7)nova-consoleauth 守护进程
为web版的vnc提供访问令牌token。该服务必须为控制台代理运行才可奏效。
8)nova-novncproxy 守护进程
提供一个代理,用于访问正在运行的实例,通过VNC协议,支持基于浏览器的novnc客户端
9)nova客户端
用于用户作为租户管理员或最终用户来提交命令
10)队列
一个在守护进程间传递消息的中央集线器
11)SQL数据库
存储构建时和运行时的状态,为云基础设施,包括有:可用实例类型;使用中的实例;可用网络;项目
理论上,OpenStack计算可以支持任何和SQL-Alchemy所支持的后端数据库,通常使用SQLite3来做测试可开发工作,MySQL和PostgreSQL 作生产环境。
注:用户发起请求创建虚拟机,Nova-api收到请求,开始下发任务,Nova-compute(计算节点)有多台,Nova-api把任务安排给谁呢,怎么安排合理,nova-scheduler负责选节点,nova-scheduler需要知道每个计算节点资源情况,比如CPU、MEM,硬盘等等,把这些信息写到数据库,schedule从数据库Nova-db中根据资源情况去选择相应的计算节点,Nova-compute也需要连接数据库,去更新自己资源信息。假设有10000个计算节点,每个节点都要连接数据库,这样不安全,另一个如果数据库Nova-db的密码修改,则所有计算节点都需要修改,且需要重启计算节点,为了避免以上两点,nova-conductor出现了。只需在Nova-compute配置消息队列(rabbitmq),所有的nova-compute计算节点通过消息队列去连接nova-conductor,nova-conductor帮助Nova-compute代理修改数据库中虚拟机的状态。
用户发起请求, Nova-api收到请求,通过消息队列发给Nova-schedule,Nova-schedule收到消息之后,去数据库查询nova-compute剩的资源,根据资源情况选择相应的nova-compute计算节点。同时所有的nova-compute计算节点通过消息队列去连接nova-conductor,nova-conductor帮助Nova-compute代理更新数据库自己的资源信息。
二、在控制节点上安装并配置Compute 服务,即 nova
1. 先决条件
在安装和配置 Compute 服务前,必须创建数据库服务的凭据以及 API endpoints
1)创建数据库
a.用数据库连接客户端以 root用户连接到数据库服务器
b.创建 nova_api 和 nova 数据库
c.对数据库进行正确的授权
d.退出数据库客户端
[root@controller ~]# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 28 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE nova_api; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> CREATE DATABASE nova; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | glance | | information_schema | | keystone | | mysql | | nova | | nova_api | | performance_schema | | test | +--------------------+ 8 rows in set (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.05 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit Bye [root@controller ~]#
2)获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@controller ~]# source admin-openrc
3)创建服务证书
a.创建 nova 用户
[root@controller ~]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | d9ffe8683c84401cbad69ac5a73482a8 | | enabled | True | | id | 1577541a71e34c269258f192a68f43f5 | | name | nova | +-----------+----------------------------------+
b.给 nova 用户添加 admin 角色
[root@controller ~]# openstack role add --project service --user nova admin
c.创建 nova 服务实体
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | ece50d8aead24503bdf12514733b15f0 | | name | nova | | type | compute | +-------------+----------------------------------+
d.创建 Compute 服务 API 端点
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 09e12e9565834868a038a73e2dfd6338 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | ece50d8aead24503bdf12514733b15f0 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 7346ea40061140b1874c364f21967d31 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | ece50d8aead24503bdf12514733b15f0 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | c31d4214852b4d22a6d4af48f519464c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | ece50d8aead24503bdf12514733b15f0 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+
2. 配置nova组件
1)安装软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
2)编辑``/etc/nova/nova.conf``文件并完成下面的操作
[root@controller ~]# cp /etc/nova/nova.conf{,.bak} [root@controller ~]# grep -Ev "^$|#" /etc/nova/nova.conf.bak >/etc/nova/nova.conf [root@controller ~]# cat /etc/nova/nova.conf [DEFAULT] [api_database] [barbican] [cache] [cells] [cinder] [conductor] [cors] [cors.subdomain] [database] [ephemeral_storage_encryption] [glance] [guestfs] [hyperv] [image_file_url] [ironic] [keymgr] [keystone_authtoken] [libvirt] [matchmaker_redis] [metrics] [neutron] [osapi_v21] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [rdp] [serial_console] [spice] [ssl] [trusted_computing] [upgrade_levels] [vmware] [vnc] [workarounds] [xenserver]
a.在``[DEFAULT]``部分,只启用计算和元数据API
b.在``[api_database]``和``[database]``部分,配置数据库的连接
c.在 “[DEFAULT]” 和 “[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列访问
d.在 “[DEFAULT]” 和 “[keystone_authtoken]” 部分,配置认证服务访问
e.在 [DEFAULT 部分,配置``my_ip`` 来使用控制节点的管理接口的IP 地址
f.在 [DEFAULT] 部分,使能 Networking 服务
g.在``[vnc]``部分,配置VNC代理使用控制节点的管理接口IP地址
h.在 [glance] 区域,配置镜像服务 API 的位置
i.在 [oslo_concurrency] 部分,配置锁路径
注:使用openstack-config命令修改配置文件
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata [root@controller ~]# openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:123456@controller/nova_api [root@controller ~]# openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:123456@controller/nova [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit [root@controller ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller [root@controller ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack [root@controller ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 123456 [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000 [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357 [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211 [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova [root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456 [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11 [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver [root@controller ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip' [root@controller ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip' [root@controller ~]# openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292 [root@controller ~]# openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
[root@controller ~]# cat /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata #只启用计算和元数据API
rpc_backend = rabbit #配置消息队列
auth_strategy = keystone #配置认证服务
my_ip = 10.0.0.11 #配置``my_ip`` 来使用控制节点的管理接口的IP 地址
#使能 Networking 服务.默认情况下,计算服务使用内置的防火墙服务。由于网络服务包含了防火墙服务,必须使用``nova.virt.firewall.NoopFirewallDriver``防火墙服务来禁用掉计算服务内置的防火墙服务 use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver
#[api_database]部分,配置数据库的连接 [api_database] connection = mysql+pymysql://nova:123456@controller/nova_api [barbican] [cache] [cells] [cinder] [conductor] [cors] [cors.subdomain]
#[database]部分,配置数据库的连接 [database] connection = mysql+pymysql://nova:123456@controller/nova [ephemeral_storage_encryption]
#在 [glance] 区域,配置镜像服务 API 的位置 [glance] api_servers = http://controller:9292 [guestfs] [hyperv] [image_file_url] [ironic] [keymgr]
#[keystone_authtoken]部分,配置认证服务访问 [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 123456 [libvirt] [matchmaker_redis] [metrics] [neutron] [osapi_v21]
#[oslo_concurrency]部分路径 [oslo_concurrency] lock_path = /var/lib/nova/tmp [oslo_messaging_amqp] [oslo_messaging_notifications]
#[oslo_messaging_rabbit]部分消息队列访问 [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = 123456 [oslo_middleware] [oslo_policy] [rdp] [serial_console] [spice] [ssl] [trusted_computing] [upgrade_levels] [vmware]
#[vnc]部分,配置VNC代理使用控制节点的管理接口IP地址 [vnc] vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip [workarounds] [xenserver]
3)同步Compute 数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova [root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.') result = self._query(query) /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.') result = self._query(query)
#注:忽略输出中任何不推荐使用的信息
#验证同步结果 [root@controller ~]# mysql -uroot -p nova -e "show tables" Enter password: +--------------------------------------------+ | Tables_in_nova | +--------------------------------------------+ | agent_builds | | aggregate_hosts | | aggregate_metadata | | aggregates | | allocations | | block_device_mapping | | bw_usage_cache | | cells | | certificates | | compute_nodes | | console_pools | | consoles | | dns_domains | | fixed_ips | | floating_ips | | instance_actions | | instance_actions_events | | instance_extra | | instance_faults | | instance_group_member | | instance_group_policy | | instance_groups | | instance_id_mappings | | instance_info_caches | | instance_metadata | | instance_system_metadata | | instance_type_extra_specs | | instance_type_projects | | instance_types | | instances | | inventories | | key_pairs | | migrate_version | | migrations | | networks | | pci_devices | | project_user_quotas | | provider_fw_rules | | quota_classes | | quota_usages | | quotas | | reservations | | resource_provider_aggregates | | resource_providers | | s3_images | | security_group_default_rules | | security_group_instance_association | | security_group_rules | | security_groups | | services | | shadow_agent_builds | | shadow_aggregate_hosts | | shadow_aggregate_metadata | | shadow_aggregates | | shadow_block_device_mapping | | shadow_bw_usage_cache | | shadow_cells | | shadow_certificates | | shadow_compute_nodes | | shadow_console_pools | | shadow_consoles | | shadow_dns_domains | | shadow_fixed_ips | | shadow_floating_ips | | shadow_instance_actions | | shadow_instance_actions_events | | shadow_instance_extra | | shadow_instance_faults | | shadow_instance_group_member | | shadow_instance_group_policy | | shadow_instance_groups | | shadow_instance_id_mappings | | shadow_instance_info_caches | | shadow_instance_metadata | | shadow_instance_system_metadata | | shadow_instance_type_extra_specs | | shadow_instance_type_projects | | shadow_instance_types | | shadow_instances | | shadow_key_pairs | | shadow_migrate_version | | shadow_migrations | | shadow_networks | | shadow_pci_devices | | shadow_project_user_quotas | | shadow_provider_fw_rules | | shadow_quota_classes | | shadow_quota_usages | | shadow_quotas | | shadow_reservations | | shadow_s3_images | | shadow_security_group_default_rules | | shadow_security_group_instance_association | | shadow_security_group_rules | | shadow_security_groups | | shadow_services | | shadow_snapshot_id_mappings | | shadow_snapshots | | shadow_task_log | | shadow_virtual_interfaces | | shadow_volume_id_mappings | | shadow_volume_usage_cache | | snapshot_id_mappings | | snapshots | | tags | | task_log | | virtual_interfaces | | volume_id_mappings | | volume_usage_cache | +--------------------------------------------+ [root@controller ~]# mysql -uroot -p nova_api -e "show tables" Enter password: +--------------------+ | Tables_in_nova_api | +--------------------+ | build_requests | | cell_mappings | | flavor_extra_specs | | flavor_projects | | flavors | | host_mappings | | instance_mappings | | migrate_version | | request_specs | +--------------------+
3.启动 Compute 服务并将其设置为随系统启动
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service ● openstack-nova-api.service - OpenStack Nova API Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-api.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 12:24:46 CST; 3min 24s ago Main PID: 92280 (nova-api) CGroup: /system.slice/openstack-nova-api.service ├─92280 /usr/bin/python2 /usr/bin/nova-api ├─92339 /usr/bin/python2 /usr/bin/nova-api └─92370 /usr/bin/python2 /usr/bin/nova-api Nov 15 12:23:58 controller systemd[1]: Starting OpenStack Nova API Server... Nov 15 12:24:42 controller sudo[92340]: nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/root...save -c Nov 15 12:24:44 controller sudo[92344]: nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/root...tore -c Nov 15 12:24:46 controller systemd[1]: Started OpenStack Nova API Server. ● openstack-nova-consoleauth.service - OpenStack Nova VNC console auth Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-consoleauth.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 12:24:35 CST; 3min 35s ago Main PID: 92281 (nova-consoleaut) CGroup: /system.slice/openstack-nova-consoleauth.service └─92281 /usr/bin/python2 /usr/bin/nova-consoleauth Nov 15 12:23:58 controller systemd[1]: Starting OpenStack Nova VNC console auth Server... Nov 15 12:24:35 controller systemd[1]: Started OpenStack Nova VNC console auth Server. ● openstack-nova-scheduler.service - OpenStack Nova Scheduler Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-scheduler.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 12:24:35 CST; 3min 35s ago Main PID: 92282 (nova-scheduler) CGroup: /system.slice/openstack-nova-scheduler.service └─92282 /usr/bin/python2 /usr/bin/nova-scheduler Nov 15 12:23:58 controller systemd[1]: Starting OpenStack Nova Scheduler Server... Nov 15 12:24:35 controller systemd[1]: Started OpenStack Nova Scheduler Server. ● openstack-nova-conductor.service - OpenStack Nova Conductor Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-conductor.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 12:24:33 CST; 3min 36s ago Main PID: 92283 (nova-conductor) CGroup: /system.slice/openstack-nova-conductor.service └─92283 /usr/bin/python2 /usr/bin/nova-conductor Nov 15 12:23:58 controller systemd[1]: Starting OpenStack Nova Conductor Server... Nov 15 12:24:33 controller systemd[1]: Started OpenStack Nova Conductor Server. ● openstack-nova-novncproxy.service - OpenStack Nova NoVNC Proxy Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-novncproxy.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 12:23:58 CST; 4min 12s ago Main PID: 92284 (nova-novncproxy) CGroup: /system.slice/openstack-nova-novncproxy.service └─92284 /usr/bin/python2 /usr/bin/nova-novncproxy --web /usr/share/novnc/ Nov 15 12:23:58 controller systemd[1]: Started OpenStack Nova NoVNC Proxy Server. Hint: Some lines were ellipsized, use -l to show in full.
4.验证
[root@controller ~]# openstack compute service list +----+------------------+------------+----------+---------+-------+----------------------------+ | Id | Binary | Host | Zone | Status | State | Updated At | +----+------------------+------------+----------+---------+-------+----------------------------+ | 1 | nova-scheduler | controller | internal | enabled | up | 2020-11-15T04:29:32.000000 | | 2 | nova-conductor | controller | internal | enabled | up | 2020-11-15T04:29:32.000000 | | 3 | nova-consoleauth | controller | internal | enabled | up | 2020-11-15T04:29:33.000000 | +----+------------------+------------+----------+---------+-------+----------------------------+ [root@controller ~]# nova service-list +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-scheduler | controller | internal | enabled | up | 2020-11-15T04:29:42.000000 | - | | 2 | nova-conductor | controller | internal | enabled | up | 2020-11-15T04:29:42.000000 | - | | 3 | nova-consoleauth | controller | internal | enabled | up | 2020-11-15T04:29:43.000000 | - | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
三、在计算节点上配置计算服务nova-compute计算服务即nova
1. 先决条件
计算节点需支持对虚拟化的硬件加速。
[root@computer1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo 1
注:如果这个命令返回了 one or greater 的值,那么计算节点支持硬件加速且不需要额外的配置。如果这个命令返回了 zero 值,那么你的计算节点不支持硬件加速。你必须配置 libvirt 来使用 QEMU 去代替 KVM
在 /etc/nova/nova.conf 文件的 [libvirt] 区域做出如下的编辑:
[libvirt]
...
virt_type = qemu
2. 配置安装nova-compute组件
nova-compute调用libvirtd来创建虚拟机
1)安装软件包
[root@computer1 ~]# yum install openstack-nova-compute openstack-utils.noarch -y
2)编辑``/etc/nova/nova.conf``文件并完成下面的操作
[root@computer1 ~]# cp /etc/nova/nova.conf{,.bak} [root@computer1 ~]# grep -Ev "^$|#" /etc/nova/nova.conf.bak >/etc/nova/nova.conf [root@computer1 ~]# cat /etc/nova/nova.conf [DEFAULT] [api_database] [barbican] [cache] [cells] [cinder] [conductor] [cors] [cors.subdomain] [database] [ephemeral_storage_encryption] [glance] [guestfs] [hyperv] [image_file_url] [ironic] [keymgr] [keystone_authtoken] [libvirt] [matchmaker_redis] [metrics] [neutron] [osapi_v21] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [rdp] [serial_console] [spice] [ssl] [trusted_computing] [upgrade_levels] [vmware] [vnc] [workarounds] [xenserver]
a. 在``[DEFAULT]`` 和 [oslo_messaging_rabbit]部分,配置``RabbitMQ``消息队列的连接:
b. 在 “[DEFAULT]” 和 “[keystone_authtoken]” 部分,配置认证服务访问
c.在 [DEFAULT] 部分,配置 my_ip 选项(计算节点上的管理网络接口的IP 地址)
e.在 [DEFAULT] 部分,使能 Networking 服务
f.在``[vnc]``部分,启用并配置远程控制台访问
g.在 [glance] 区域,配置镜像服务 API 的位置
h.在 [oslo_concurrency] 部分,配置锁路径
使用openstack-config命令配置,首先获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@computer1 ~]# source admin-openrc
修改配置文件
[root@computer1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 123456 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.12 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf vnc enabled True [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip' [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292 [root@computer1 ~]# openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp [root@computer1 ~]# vim /etc/nova/nova.conf [root@computer1 ~]# cat /etc/nova/nova.conf [DEFAULT] rpc_backend = rabbit #配置消息队列
auth_strategy = keystone #配置认证服务访问
my_ip = 10.0.0.12 #计算节点上的管理网络接口的IP 地址
use_neutron = True #使能 Networking 服务 firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database] [barbican] [cache] [cells] [cinder] [conductor] [cors] [cors.subdomain] [database] [ephemeral_storage_encryption]
#在 [glance] 区域,配置镜像服务 API 的位置 [glance] api_servers = http://controller:9292
[guestfs] [hyperv] [image_file_url] [ironic] [keymgr]
#“[keystone_authtoken]” 部分,配置认证服务访问 [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 123456
[libvirt] [matchmaker_redis] [metrics] [neutron] [osapi_v21]
#在 [oslo_concurrency] 部分,配置锁路径 [oslo_concurrency] lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp] [oslo_messaging_notifications]
#[oslo_messaging_rabbit]部分,配置``RabbitMQ``消息队列的连接 [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = 123456
[oslo_middleware] [oslo_policy] [rdp] [serial_console] [spice] [ssl] [trusted_computing] [upgrade_levels] [vmware]
#在``[vnc]``部分,启用并配置远程控制台访问 [vnc] enabled = True vncserver_listen = 0.0.0.0 #服务器组件监听所有的 IP 地址 novncproxy_base_url = http://controller:6080/vnc_auto.html # URL 指示可以使用 web 浏览器访问位于该计算节点上实例的远程控制台的位置 vncserver_proxyclient_address = $my_ip #代理组件仅仅监听计算节点管理网络接口的 IP 地址
[workarounds] [xenserver]
3.启动计算服务及其依赖,并将其配置为随系统自动启动
[root@computer1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service. [root@computer1 ~]# systemctl start libvirtd.service openstack-nova-compute.service [root@computer1 ~]# systemctl status libvirtd.service openstack-nova-compute.service ● libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-11-15 13:01:00 CST; 1min 45s ago Docs: man:libvirtd(8) https://libvirt.org Main PID: 82932 (libvirtd) Tasks: 17 (limit: 32768) CGroup: /system.slice/libvirtd.service └─82932 /usr/sbin/libvirtd Nov 15 13:00:58 computer1 systemd[1]: Starting Virtualization daemon... Nov 15 13:01:00 computer1 systemd[1]: Started Virtualization daemon. ● openstack-nova-compute.service - OpenStack Nova Compute Server Loaded: loaded (/usr/lib/systemd/system/openstack-nova-compute.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-11-15 13:01:18 CST; 1min 27s ago Main PID: 82949 (nova-compute) Tasks: 22 CGroup: /system.slice/openstack-nova-compute.service └─82949 /usr/bin/python2 /usr/bin/nova-compute Nov 15 13:01:00 computer1 systemd[1]: Starting OpenStack Nova Compute Server... Nov 15 13:01:18 computer1 nova-compute[82949]: /usr/lib/python2.7/site-packages/pkg_resources/__init__.py:187: RuntimeWarning: You ha... Nov 15 13:01:18 computer1 nova-compute[82949]: stacklevel=1, Nov 15 13:01:18 computer1 systemd[1]: Started OpenStack Nova Compute Server. Hint: Some lines were ellipsized, use -l to show in full.
四、验证计算服务的操作
在控制节点上执行这些命令
1.获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@controller ~]# source admin-openrc
2.列出服务组件,以验证是否成功启动并注册了每个进程
[root@controller ~]# openstack compute service list +----+------------------+------------+----------+---------+-------+----------------------------+ | Id | Binary | Host | Zone | Status | State | Updated At | +----+------------------+------------+----------+---------+-------+----------------------------+ | 1 | nova-scheduler | controller | internal | enabled | up | 2020-11-15T05:03:53.000000 | | 2 | nova-conductor | controller | internal | enabled | up | 2020-11-15T05:03:53.000000 | | 3 | nova-consoleauth | controller | internal | enabled | up | 2020-11-15T05:03:53.000000 | | 6 | nova-compute | computer1 | nova | enabled | up | 2020-11-15T05:03:55.000000 | +----+------------------+------------+----------+---------+-------+----------------------------+ [root@controller ~]# nova service-list +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-scheduler | controller | internal | enabled | up | 2020-11-15T05:04:03.000000 | - | | 2 | nova-conductor | controller | internal | enabled | up | 2020-11-15T05:04:03.000000 | - | | 3 | nova-consoleauth | controller | internal | enabled | up | 2020-11-15T05:04:03.000000 | - | | 6 | nova-compute | computer1 | nova | enabled | up | 2020-11-15T05:04:05.000000 | - | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
注:该输出应该显示三个服务组件在控制节点上启用,一个服务组件在计算节点上启用。
