OpenStack搭建之计算服务Nova(四)
文章
林里克斯
在Linux下搭建OpenStack之计算服务Nova
一、实验平台:CentOS Linux release 7.3.1611 (Core)
二、openstack版本:Mitake
三、本机所有IP:内网:192.168.1.2 192.168.1.3
外网:192.168.2.4 192.168.2.5
四、openstack1:192.168.1.2 #控制节点 1 处理器, 4 GB 内存, 及20 GB 存储
五、openstack2:192.168.1.3 #计算节点 1 处理器, 2 GB 内存, 及20 GB 存储
一、计算服务概览
使用OpenStack计算服务来托管和管理云计算系统。OpenStack计算服务是基础设施即服务(IaaS)系统的主要部分,模块主要由Python实现。
OpenStack计算组件请求OpenStack Identity服务进行认证;请求OpenStack Image服务提供磁盘镜像;为OpenStack dashboard提供用户与管理员接口。磁盘镜像访问限制在项目与用户上;配额以每个项目进行设定(例如,每个项目下可以创建多少实例)。OpenStack组件可以在标准硬件上水平大规模扩展,并且下载磁盘镜像启动虚拟机实例。
OpenStack计算服务由下列组件所构成:
nova-api服务
接收和响应来自最终用户的计算API请求。此服务支持OpenStack计算服务API,Amazon EC2 API,以及特殊的管理API用于赋予用户做一些管理的操作。它会强制实施一些规则,发起多数的编排活动,例如运行一个实例。
nova-api-metadata服务
接受来自虚拟机发送的元数据请求。nova-api-metadata服务一般在安装nova-network服务的多主机模式下使用
nova-compute服务
一个持续工作的守护进程,通过Hypervior的API来创建和销毁虚拟机实例。例如:
XenServer/XCP的XenAPI
KVM或QEMU的libvirt
VMware的VMwareAPI
最为基本的,守护进程同意了来自队列的动作请求,转换为一系列的系统命令如启动一个KVM实例,然后,到数据库中更新它的状态。
nova-scheduler服务
拿到一个来自队列请求虚拟机实例,然后决定那台计算服务器主机来运行它。
nova-conductor模块
媒介作用于nova-compute服务与数据库之间。它排除了由nova-compute服务对云数据库的直接访问。nova-conductor模块可以水平扩展。但是,不要将它部署在运行nova-compute服务的主机节点上
nova-cert模块
服务器守护进程向Nova Cert服务提供X509证书。用来为euca-bundle-image生成证书。仅仅是在EC2 API的请求中使用
nova-network worker守护进程
与nova-compute服务类似,从队列中接受网络任务,并且操作网络。执行任务例如创建桥接的接口或者改变IPtables的规则。
nova-consoleauth守护进程
授权控制台代理所提供的用户令牌。详情可查看nova-novncproxy和nova-xvpvncproxy。该服务必须为控制台代理运行才可奏效。在集群配置中你可以运行二者中任一代理服务而非仅运行一个nova-consoleauth服务。
nova-novncproxy守护进程
提供一个代理,用于访问正在运行的实例,通过VNC协议,支持基于浏览器的novnc客户端。
nova-spicehtml5proxy守护进程
提供一个代理,用于访问正在运行的实例,通过SPICE协议,支持基于浏览器的HTML5客户端。
nova-xvpvncproxy守护进程
提供一个代理,用于访问正在运行的实例,通过VNC协议,支持OpenStack特定的Java客户端。
nova-cert守护进程
X509证书。
nova客户端
用于用户作为租户管理员或最终用户来提交命令。
队列
一个在守护进程间传递消息的中央集线器。
SQL数据库
存储构建时和运行时的状态,为云基础设施,包括有:可用实例类型、使用中的实例、可用网络、项目。 理论上,OpenStack计算可以支持任何和SQL-Alchemy所支持的后端数据库,通常使用SQLite3来做测试可开发工作,MySQL和PostgreSQL作生产环境。
二、安装并配置控制节点
在安装和配置Compute服务前,你必须创建数据库服务的凭据以及API endpoints。
创建nova_api和nova数据库:
> CREATE DATABASE nova_api;
> CREATE DATABASE nova;对数据库进行正确的授权:
> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova_api';
> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova_api';
> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';获得admin凭证来获取只有管理员能执行的命令的访问权限:
$ . admin-openstack.sh要创建服务证书,完成这些步骤:
创建nova用户:
$ openstack user create --domain default --password-prompt nova
User Password: #设置密码,我这里设置为nova
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 563963f57f154b628814c4e1bc9d2169 |
| enabled | True |
| id | aafaff66c5f44b408b9fc9a4ff5349e8 |
| name | nova |
+-----------+----------------------------------+给nova用户添加admin角色:
$ openstack role add --project service --user nova admin创建nova服务实体:
$ openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | f2679bbbe5e444889efd364576d75fb1 |
| name | nova |
| type | compute |
+-------------+----------------------------------+创建Compute服务API端点 :
$ openstack endpoint create --region RegionOne compute public http://192.168.1.2:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 71b6917dbee2420fba4ac003dc81f116 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f2679bbbe5e444889efd364576d75fb1 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.2:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
$ openstack endpoint create --region RegionOne compute internal http://192.168.1.2:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 10db4f4a5c294f0a9728338fdc7ac065 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f2679bbbe5e444889efd364576d75fb1 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.2:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
$ openstack endpoint create --region RegionOne compute admin http://192.168.1.2:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 47f202d7293b4220b4b0daec8d0201e1 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f2679bbbe5e444889efd364576d75fb1 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.2:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+安装软件包:
$ yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler编辑/etc/nova/nova.conf文件并完成下面的操作:
$ vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata #只启用计算和元数据API
rpc_backend = rabbit #配置 RabbitMQ消息队列访问
auth_strategy = keystone #配置认证服务访问
my_ip = 192.168.1.2 #控制节点的管理接口的IP 地址
use_neutron = True #能Networking服务
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@192.168.1.2/nova_api #配置数据库的连接
[database]
connection = mysql+pymysql://nova:nova@192.168.1.2/nova #配置数据库的连接
[oslo_messaging_rabbit] #配置 RabbitMQ消息队列访问
rabbit_host = 192.168.1.2
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken] #配置认证服务访问
auth_uri = http://192.168.1.2:5000
auth_url = http://192.168.1.2:35357
memcached_servers = 192.168.1.2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc] #配置VNC代理使用控制节点的管理接口IP地址
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.1.2
novncproxy_base_url = http://192.168.1.2:6080/vnc_auto.html
[glance]
api_servers = http://192.168.1.2:9292 #配置镜像服务 API 的位置
[oslo_concurrency]
lock_path = /var/lib/nova/tmp #配置锁路径同步数据库
$ su -s /bin/sh -c "nova-manage api_db sync" nova
$ su -s /bin/sh -c "nova-manage db sync" nova
#db的有警告可以忽略,只要不是`error`就可以检查是否有表结构
$ mysql -h 192.168.1.2 -unova -pnova -e "use nova;show tables;"
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| allocations |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_extra |
| instance_faults |
| instance_group_member |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| inventories |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| resource_provider_aggregates |
| resource_providers |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_extra |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| snapshot_id_mappings |
| snapshots |
| tags |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
+--------------------------------------------+$ mysql -h 192.168.1.2 -unova_api -pnova_api -e "use nova_api;show tables;"
+--------------------+
| Tables_in_nova_api |
+--------------------+
| build_requests |
| cell_mappings |
| flavor_extra_specs |
| flavor_projects |
| flavors |
| host_mappings |
| instance_mappings |
| migrate_version |
| request_specs |
+--------------------+
#执行上一步的时候,这里遇到了一个数据库的访问报错。
$ mysql -h 192.168.1.2 -unova -pnova_api -e "use nova_api;show tables;"
ERROR 1045 (28000): Access denied for user 'nova'@'openstack1' (using password: YES)
查看下了权限,发现上面给的权限有点问题:(将nova_api的权限改下后就可以正常看到表结构了)
$ GRANT ALL PRIVILEGES ON *.* TO 'nova_api'@'%' IDENTIFIED BY 'nova_api';
$ GRANT ALL PRIVILEGES ON *.* TO 'nova_api'@'localhost' IDENTIFIED BY 'nova_api';启动Compute服务并将其设置为随系统启动:
$ systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
$ systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service检查控制节点是否成功
$ openstack host list
+------------+-------------+----------+
| Host Name | Service | Zone |
+------------+-------------+----------+
| openstack1 | conductor | internal |
| openstack1 | scheduler | internal |
| openstack1 | consoleauth | internal |
+------------+-------------+----------+三、安装并配置计算节点
计算节点需支持对虚拟化的硬件加速。对于传统的硬件,本配置使用generic qumu的虚拟化方式。
需要开启虚拟化技术:
因为需要使用kvm来创建虚拟机,所以我们需要开启虚拟化。如果是服务器需要在BIOS上开启
勾上 虚拟化 Intel VT-x/EPT 或 AMD-V/RVI(V)安装软件包:
$ yum -y install openstack-nova-compute编辑/etc/nova/nova.conf
$ vim /etc/nova/nova.conf
[DEFAULT]
nabled_apis = osapi_compute,metadata #启用计算和元数据API
rpc_backend = rabbit #配置RabbitMQ消息队列的连接
auth_strategy = keystone #配置认证服务访问
my_ip = 192.168.1.3 #配置my_ip选项,计算节点上的管理网络接口的IP 地址
use_neutron = True #能 Networking 服务
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[oslo_messaging_rabbit] #配置RabbitMQ消息队列的连接
rabbit_host = 192.168.1.2
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken] #配置认证服务访问
auth_uri = http://192.168.1.2:5000
auth_url = http://192.168.1.2:35357
memcached_servers = 192.168.1.2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.1.3
novncproxy_base_url = http://192.168.1.2:6080/vnc_auto.html
[glance]
api_servers = http://192.168.1.2:9292 #配置镜像服务 API 的位置
[oslo_concurrency]
lock_path = /var/lib/nova/tmp #配置锁路径确定您的计算节点是否支持虚拟机的硬件加速。
$ egrep -c '(vmx|svm)' /proc/cpuinfo
#如果这个命令返回了1或不等于0的值,那么你的计算节点支持硬件加速且不需要额外的配置。
#如果这个命令返回了 0 值,那么你的计算节点不支持硬件加速。你必须配置 libvirt 来使用 QEMU 去代替 KVM$ vim /etc/nova/nova.conf
$ virt_type=kvm启动计算服务及其依赖,并将其配置为随系统自动启动:
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
#这里启动遇到了一个问题,openstack-nova-compute.service一直卡着起不来,看了/var/log/nova/下面的日志,发现一直有一个警告openstack-nova-conductor.service提示这个服务确定是否启了。在控制节点看了状态的确是启着的,然后索性重启了一下openstack-nova-conductor.service再去启openstack-nova-compute.service问题就解决了。四、验证
验证计算服务:
获得admin凭证来获取只有管理员能执行的命令的访问权限 计算节点同样需要
admin-openstack.sh
demo-openstack.sh
keystone-openstack.sh这三个凭证 远程拷贝这个三个凭证
$ scp keystone-openstack.sh admin-openstack.sh demo-openstack.sh root@192.168.1.3:/root获得admin凭证来获取只有管理员能执行的命令的访问权限:
$ . admin-openstack.sh列出服务组件,以验证是否成功启动并注册了每个进程:
$ openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | openstack1 | internal | enabled | up | 2017-07-18T11:55:29.000000 |
| 2 | nova-scheduler | openstack1 | internal | enabled | up | 2017-07-18T11:55:21.000000 |
| 3 | nova-consoleauth | openstack1 | internal | enabled | up | 2017-07-18T11:55:21.000000 |
| 6 | nova-compute | openstack2 | nova | enabled | up | 2017-07-18T11:55:24.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
#如果有服务State状态是down的,去控制节点重启下服务。查看nova和keystone是否正常
$ nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-conductor | openstack1 | internal | enabled | up | 2017-07-18T11:56:29.000000 | - |
| 2 | nova-scheduler | openstack1 | internal | enabled | up | 2017-07-18T11:56:31.000000 | - |
| 3 | nova-consoleauth | openstack1 | internal | enabled | up | 2017-07-18T11:56:31.000000 | - |
| 6 | nova-compute | openstack2 | nova | enabled | up | 2017-07-18T11:56:34.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+查看nova和glance服务相互是否正常
$ nova image-list
+--------------------------------------+--------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| db5d11d7-0006-4b14-a5d5-71b18a41eb85 | cirros | ACTIVE | |
+--------------------------------------+--------+--------+--------+Over ~
版权协议须知!
本篇文章来源于 Uambiguous ,如本文章侵犯到任何版权问题,请立即告知本站,本站将及时予与删除并致以最深的歉意
754 0 2017-01-16
博主卡片
运维时间
搭建这个平台,只为分享及记载自己所遇之事和难题。
现在时间 2024-04-26
今日天气
站点统计
- 文章总数:240篇
- 分类总数:29个
- 评论总数:10条
- 本站总访问量 215664 次
@yuanyuan 为什么我的4b安装centos7.9 插上tf卡 显示不兼...
@Wong arrhenius 牛比
@MakerFace 厉害了!
@TongSir 老哥 更新下我的友链链接 https://blog.ton...