A05. OpenStack architecture in practice: installing the Nova service on the control node
Use OpenStack Compute to host and manage cloud computing systems. OpenStack Compute is a major part of an Infrastructure-as-a-Service (IaaS) system. Its main modules are implemented in Python.
OpenStack Compute interacts with OpenStack Identity for authentication, with the OpenStack Image service for disk and server images, and with the OpenStack Dashboard for the user and administrative interfaces. Image access is limited by project and by user; each project is limited by quotas (for example, the number of instances). OpenStack Compute scales horizontally on standard hardware and downloads images to launch instances.
The OpenStack Compute service consists of the following components (only the commonly used ones are listed here):
nova-api
Accepts and responds to end-user compute API calls. The service supports the OpenStack Compute API. It enforces some policies and initiates most orchestration activities, such as running instances. (It manages the life cycle of virtual machine cloud hosts.)
nova-compute (runs on every compute node, so there are several)
A worker daemon that creates and terminates virtual machine instances through hypervisor APIs. (It is the component that actually manages the virtual machines.) nova-compute calls libvirt to manage virtual machines; examples of hypervisor APIs are:
- XenAPI for XenServer / XCP
- libvirt for KVM or QEMU
- VMwareAPI for VMware
nova-scheduler
Takes virtual machine instance requests from the queue and determines on which compute server host they run. (When several cloud hosts are created at the same time, nova-scheduler picks the most suitable nova-compute node to create each virtual machine, based on the remaining CPU, memory and so on that each nova-compute has stored in the database after creating virtual machines.)
Because nova-compute needs to reach the database, and there are many nova-compute nodes, configuring a database connection on every node would put the database account and password on each of them; if any one of them were compromised the database would be exposed, which is a serious risk. For this reason Nova has a dedicated component that connects to the database on behalf of the compute nodes: nova-conductor.
nova-conductor
Mediates the interactions between the nova-compute service and the database. It eliminates the security problem of the nova-compute service accessing the cloud database directly. The nova-conductor module scales horizontally. However, do not deploy it on nodes where the nova-compute service runs. (nova-compute and nova-conductor communicate in real time through the message queue.)
nova-consoleauth
A daemon that provides user authorization tokens for console proxies. This service must be running for console proxies to work. In a cluster configuration you can run both types of proxy against a single nova-consoleauth service.
nova-novncproxy
A daemon that provides a proxy for accessing running instances through a VNC connection. It supports the browser-based novnc client.
nova-api-metadata
Accepts metadata requests from instances. The nova-api-metadata service is generally used when you run nova-network in multi-host mode. Together with neutron-metadata-agent it is used for virtual machine customization.
Installing the Nova service
1: Grant database access on the control node:
For information about the cell0 database see this link:
https://blog.csdn.net/huyoufu200920201078/article/details/78133167 (reposted)
MariaDB [keystone]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [keystone]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [keystone]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)
2: Grant the correct privileges on the databases:
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
-> IDENTIFIED BY 'huayun';
Query OK, 0 rows affected (0.00 sec)
3: Create the compute service credentials in Keystone:
Create the nova user:
[root@controller01 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c4969df6d7f94b2a9e1f070d4fbe4b21 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin role to the nova user:
[root@controller01 ~]# openstack role add --project service --user nova admin
Create the nova service:
[root@controller01 ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 4789449b79b744ed8f1f73510c790717 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Create the compute API endpoints:
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> compute public http://controller01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e3297f3039934f32aa5ebdad8947c03e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4789449b79b744ed8f1f73510c790717 |
| service_name | nova |
| service_type | compute |
| url | http://controller01:8774/v2.1 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 50c9f6f56c6245d1afda96d3e4551a8d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4789449b79b744ed8f1f73510c790717 |
| service_name | nova |
| service_type | compute |
| url | http://controller01:8774/v2.1 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 452b26e7185f4693a99d2a6e82263d02 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4789449b79b744ed8f1f73510c790717 |
| service_name | nova |
| service_type | compute |
| url | http://controller01:8774/v2.1 |
+--------------+----------------------------------+
Create placement:
Nova introduced the Placement API in the Newton release (14.0.0). It is a fairly independent REST API stack whose data model was built to track the inventory of resource providers and the usage of resources. For example, a resource provider can be a compute node, a shared storage pool or an IP address pool. The Placement service tracks the inventory and usage of each resource provider (in other words, from the Placement API you can obtain the list of resource providers and the resource usage of each one). For example, a newly created instance is a consumer of a particular compute-node resource provider, consuming RAM and CPU; it is also a consumer of the external storage pool and of the IP resource provider.
Create the placement user
[root@controller01 ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 33459699cd5b40a5b20f9db6e6d1acd2 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin role to the placement user
[root@controller01 ~]# openstack role add --project service --user placement admin
Create the placement service in Keystone:
[root@controller01 ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 13842265b6224256ab09e2c0dbc90447 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create the Placement API service endpoints
[root@controller01 ~]# openstack endpoint create --region RegionOne placement public http://controller01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 858dcee61bbb4d9b87362b7f44be2fff |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13842265b6224256ab09e2c0dbc90447 |
| service_name | placement |
| service_type | placement |
| url | http://controller01:8778 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne placement internal http://controller01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ea6c0b4fa5f642139fa81961e73f672b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13842265b6224256ab09e2c0dbc90447 |
| service_name | placement |
| service_type | placement |
| url | http://controller01:8778 |
+--------------+----------------------------------+
[root@controller01 ~]# openstack endpoint create --region RegionOne placement admin http://controller01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | dfcd70404c194c7ebd9125b41746d8e8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13842265b6224256ab09e2c0dbc90447 |
| service_name | placement |
| service_type | placement |
| url | http://controller01:8778 |
+--------------+----------------------------------+
Install and configure the Nova service:
1: Install the packages:
[root@controller01 ~]# yum install -y openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler openstack-nova-placement-api
2: Edit the /etc/nova/nova.conf file and complete the following steps:
In the [DEFAULT] section, enable only the compute and metadata APIs:
[DEFAULT]
enabled_apis = osapi_compute,metadata
Configure database access in the [api_database] and [database] sections:
[api_database]
connection = mysql+pymysql://nova:huayun@controller01/nova_api
[database]
connection = mysql+pymysql://nova:huayun@controller01/nova
In the [DEFAULT] section, configure RabbitMQ message queue access:
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:huayun@controller01
In the [api] and [keystone_authtoken] sections, configure Identity service access:
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller01:5000/v3
memcached_servers = controller01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = huayun
In the [DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node:
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:huayun@controller01
my_ip = 10.100.201.201
In the [DEFAULT] section, enable support for the Networking service:
Note: By default, Compute uses an internal firewall driver. Because the Networking service includes its own firewall driver, you must disable the Compute firewall driver by setting the nova.virt.firewall.NoopFirewallDriver firewall driver.
[DEFAULT]
................
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node:
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
In the [glance] section, configure the location of the Image service API:
[glance]
api_servers = http://controller01:9292
In the [oslo_concurrency] section, configure the lock path (it prevents duplicate runs):
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
In the [placement] section, configure the Placement API:
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller01:5000/v3
username = placement
password = huayun
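The settings above are easy to get subtly wrong (a missing my_ip breaks the VNC proxy, a forgotten NoopFirewallDriver double-firewalls instances), and the nova-conductor section earlier explains why a compute node must never carry a database connection string. The following script is an added example, not code from the original post or from the Nova project: it reads a nova.conf with Python's configparser and reports deviations from the settings this guide applies. The "role" argument ("controller" or "compute") is a convention of this script, not a Nova option, and the two embedded configuration samples are constructed from the values shown in this post.

```python
"""Audit a nova.conf against the settings this walkthrough applies.

Added example, not from the original post or the Nova project. It uses the
section and option names shown above; the "role" argument ("controller" or
"compute") is a convention of this script, not a Nova option.
"""
import configparser

# Options the controller-node steps above set, with the values the post uses.
CONTROLLER_EXPECTED = {
    ("DEFAULT", "enabled_apis"): "osapi_compute,metadata",
    ("DEFAULT", "use_neutron"): "True",
    ("DEFAULT", "firewall_driver"): "nova.virt.firewall.NoopFirewallDriver",
    ("api", "auth_strategy"): "keystone",
    ("keystone_authtoken", "auth_type"): "password",
    ("oslo_concurrency", "lock_path"): "/var/lib/nova/tmp",
    ("placement", "auth_type"): "password",
}
DB_SECTIONS = ("api_database", "database")


def audit_nova_conf(text, role):
    """Return a list of findings; an empty list means the file matches the guide."""
    cp = configparser.ConfigParser(interpolation=None)  # keep "$my_ip" literal
    cp.read_string(text)
    findings = []
    if not cp.has_option("DEFAULT", "transport_url"):
        findings.append("[DEFAULT] transport_url (RabbitMQ) is not set")
    if role == "controller":
        for (section, option), expected in CONTROLLER_EXPECTED.items():
            actual = cp.get(section, option, fallback=None)
            if actual is None:
                findings.append(f"[{section}] {option} is not set")
            elif actual.strip().lower() != expected.lower():
                findings.append(f"[{section}] {option} = {actual!r}, expected {expected!r}")
        for section in DB_SECTIONS:
            if not cp.get(section, "connection", fallback=None):
                findings.append(f"[{section}] connection is not set on the controller")
        # [vnc] binds to $my_ip, so my_ip must be defined for the proxy to work.
        vnc_on = cp.get("vnc", "enabled", fallback="false").lower() == "true"
        if vnc_on and not cp.has_option("DEFAULT", "my_ip"):
            findings.append("[vnc] refers to $my_ip but [DEFAULT] my_ip is not set")
    elif role == "compute":
        # nova-conductor design: compute nodes must not carry database credentials.
        for section in DB_SECTIONS:
            if cp.get(section, "connection", fallback=None):
                findings.append(f"[{section}] connection present on a compute node; "
                                "remove it and let nova-conductor reach the database")
    else:
        raise ValueError(f"unknown role {role!r}")
    return findings


# Constructed controller sample using the values shown in this post.
CONTROLLER_CONF = """
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:huayun@controller01
my_ip = 10.100.201.201
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:huayun@controller01/nova_api
[database]
connection = mysql+pymysql://nova:huayun@controller01/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller01:5000/v3
auth_type = password
username = nova
password = huayun
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
auth_type = password
auth_url = http://controller01:5000/v3
username = placement
password = huayun
"""

# Constructed compute-node sample that wrongly keeps a database connection.
COMPUTE_CONF_WITH_DB = """
[DEFAULT]
transport_url = rabbit://openstack:huayun@controller01
[database]
connection = mysql+pymysql://nova:huayun@controller01/nova
"""

if __name__ == "__main__":
    print("controller:", audit_nova_conf(CONTROLLER_CONF, "controller") or "OK")
    print("compute:", audit_nova_conf(COMPUTE_CONF_WITH_DB, "compute"))
```

To audit a live file, pass `open("/etc/nova/nova.conf").read()` and the node's role. Note that nova.conf holds the database, RabbitMQ and Keystone passwords in clear text, so keep it readable only by root and the nova service account, and keep copies of it out of version control and log bundles.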
Because of a packaging bug, you must enable access to the Placement API by adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
After making the change, restart httpd:
[root@controller01 ~]# systemctl restart httpd
Nova database synchronization
Synchronize the nova-api database:
[root@controller01 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
Register the cell0 database:
[root@controller01 ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell:
[root@controller01 ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
f6a79410-c689-466c-ad20-705a87170ea9
Synchronize the nova database:
[root@controller01 ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
Verify that cell0 and cell1 are registered correctly:
[root@controller01 ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller01/nova_cell0 |
| cell1 | f6a79410-c689-466c-ad20-705a87170ea9 | rabbit://openstack:****@controller01 | mysql+pymysql://nova:****@controller01/nova |
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
Start the Nova services:
[root@controller01 ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller01 ~]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
Check that the services have started:
[root@controller01 ~]# nova service-list
+--------------------------------------+------------------+--------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+--------------+----------+---------+-------+----------------------------+-----------------+-------------+
| 0e8b6f12-b821-4a76-abfe-843df06d381a | nova-consoleauth | controller01 | internal | enabled | up | 2020-05-24T09:27:56.000000 | - | False |
| 59db69dc-fb44-4341-ac4a-ddf6cb32348e | nova-conductor | controller01 | internal | enabled | up | 2020-05-24T09:27:56.000000 | - | False |
| 7d8c598b-f5ac-4e5e-bd54-19e40e993fcd | nova-scheduler | controller01 | internal | enabled | up | 2020-05-24T09:27:56.000000 | - | False |
+--------------------------------------+------------------+--------------+----------+---------+-------+----------------------------+-----------------+-------------+
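The two tables above (the cell list and the service list) are what an operator checks by eye; the following script is an added example, not code from the original post or the Nova project, that parses the bordered CLI table format and applies the checks this guide implies: cell0 mapped with no message bus and its own nova_cell0 database, cell1 on RabbitMQ, and every required service binary registered, enabled and up. The first two embedded tables are constructed from the output shown above (same UUIDs, host and timestamps); the "degraded" table is invented to show a failing check.

```python
"""Parse the tables printed by "nova-manage cell_v2 list_cells" and
"nova service-list" and check them for what this guide expects to see.

Added example, not from the original post or the Nova project. The first two
tables are constructed from the output shown above (same UUIDs, host and
timestamps); the "degraded" table is invented to show a failing check.
"""
import sys


def parse_table(text):
    """Turn a +----+ bordered CLI table into a list of {header: cell} dicts."""
    rows = [line.strip() for line in text.splitlines() if line.strip().startswith("|")]
    if not rows:
        return []

    def split(line):
        return [cell.strip() for cell in line.strip("|").split("|")]

    header = split(rows[0])
    return [dict(zip(header, split(row))) for row in rows[1:]]


def check_cells(cells):
    """cell0 must be mapped without a message bus; cell1 must use RabbitMQ."""
    by_name = {row["Name"]: row for row in cells}
    problems = []
    c0 = by_name.get("cell0")
    if c0 is None:
        problems.append("cell0 missing: run nova-manage cell_v2 map_cell0")
    else:
        if c0["Transport URL"] != "none:/":
            problems.append("cell0 should have no transport (none:/)")
        if not c0["Database Connection"].endswith("/nova_cell0"):
            problems.append("cell0 should use the nova_cell0 database")
    c1 = by_name.get("cell1")
    if c1 is None:
        problems.append("cell1 missing: run nova-manage cell_v2 create_cell")
    elif not c1["Transport URL"].startswith("rabbit://"):
        problems.append("cell1 has no RabbitMQ transport URL")
    return problems


REQUIRED_BINARIES = ("nova-consoleauth", "nova-conductor", "nova-scheduler")

def check_services(services, required=REQUIRED_BINARIES):
    """Each required binary must be registered, enabled, up and not forced down."""
    by_binary = {}
    for row in services:
        by_binary.setdefault(row["Binary"], []).append(row)
    problems = []
    for binary in required:
        rows = by_binary.get(binary)
        if not rows:
            problems.append(f"{binary} is not registered")
            continue
        for row in rows:
            if (row["Status"], row["State"], row["Forced down"]) != ("enabled", "up", "False"):
                problems.append(f"{binary} on {row['Host']}: {row['Status']}/{row['State']}"
                                f"/forced_down={row['Forced down']}")
    return problems


# Constructed from the list_cells output shown in this post.
CELLS_OUTPUT = """
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
| Name  | UUID                                 | Transport URL                        | Database Connection                               |
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/                               | mysql+pymysql://nova:****@controller01/nova_cell0 |
| cell1 | f6a79410-c689-466c-ad20-705a87170ea9 | rabbit://openstack:****@controller01 | mysql+pymysql://nova:****@controller01/nova       |
+-------+--------------------------------------+--------------------------------------+---------------------------------------------------+
"""
# Constructed from the service-list output shown in this post (borders omitted).
SERVICE_LIST_OUTPUT = """
| Id                                   | Binary           | Host         | Zone     | Status  | State | Updated_at                 | Disabled Reason | Forced down |
| 0e8b6f12-b821-4a76-abfe-843df06d381a | nova-consoleauth | controller01 | internal | enabled | up    | 2020-05-24T09:27:56.000000 | -               | False       |
| 59db69dc-fb44-4341-ac4a-ddf6cb32348e | nova-conductor   | controller01 | internal | enabled | up    | 2020-05-24T09:27:56.000000 | -               | False       |
| 7d8c598b-f5ac-4e5e-bd54-19e40e993fcd | nova-scheduler   | controller01 | internal | enabled | up    | 2020-05-24T09:27:56.000000 | -               | False       |
"""
# Invented: consoleauth never registered and the scheduler reported down.
DEGRADED_SERVICE_LIST = """
| Id | Binary         | Host         | Zone     | Status  | State | Updated_at | Disabled Reason | Forced down |
| 2  | nova-conductor | controller01 | internal | enabled | up    | -          | -               | False       |
| 3  | nova-scheduler | controller01 | internal | enabled | down  | -          | -               | False       |
"""

if __name__ == "__main__":
    # Usage: nova-manage cell_v2 list_cells | python3 check_nova.py cells
    #        nova service-list              | python3 check_nova.py services
    table = parse_table(sys.stdin.read())
    problems = check_cells(table) if sys.argv[1:] == ["cells"] else check_services(table)
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Piping the real command output into the script, as in the usage comment, gives a non-zero exit status whenever a cell is missing or a service is down, which makes the same checks usable from a deployment pipeline or a monitoring job. nova-api itself does not appear in nova service-list, so its health is checked separately (for example with the netstat check used for the VNC proxy below, on port 8774).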
What the Nova service list shows are the services that nova-api calls.
Check that openstack-nova-novncproxy is working:
[root@controller01 ~]# netstat -tunpl | grep 6080
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 30416/python2
[root@controller01 ~]# ps -ef | grep 30416
nova 30416 1 0 17:23 ? 00:00:03 /usr/bin/python2 /usr/bin/nova-novncproxy --web /usr/share/novnc/
root 30998 18811 0 17:31 pts/0 00:00:00 grep --color=auto 30416