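OpenStack: Nova component deployment
1. Where the Nova components are deployed
Control node ct
Service | Name |
---|---|
nova-api | Main nova service |
nova-scheduler | nova scheduling service |
nova-conductor | nova database service; provides database access |
nova-novncproxy | nova VNC service; provides the instance console |
Compute nodes c1 and c2
Service | Name |
---|---|
nova-compute | nova compute service |
2. Nova service configuration on the compute nodes
● Create the nova databases and grant privileges
[root@ct ~]# mysql -uroot -p #the password is 123123, as set earlier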
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
● Manage the nova user and service
#Create the nova user
[root@ct ~]# openstack user create --domain default --password NOVA_PASS nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f93c6fd098844ada2f5024a0cd9b83c |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#Add the nova user to the service project with the admin role
[root@ct ~]# openstack role add --project service --user nova admin
#Create the nova service
[root@ct ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 8e1b0fd7269d4679adbcf7a795abedda |
| name | nova |
| type | compute |
+-------------+----------------------------------+
#Associate endpoints with the nova service
[root@ct ~]# openstack endpoint create --region RegionOne compute public http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 21955b28f08c40e798ffa8b539d0417e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8e1b0fd7269d4679adbcf7a795abedda |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne compute internal http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fd1975651ed44f878d19bfcd954ccb78 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8e1b0fd7269d4679adbcf7a795abedda |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne compute admin http://ct:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9c8b7b9af01c424792035f39202818e6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8e1b0fd7269d4679adbcf7a795abedda |
| service_name | nova |
| service_type | compute |
| url | http://ct:8774/v2.1 |
+--------------+----------------------------------+
● Install the nova components (nova-api, nova-conductor, nova-novncproxy, nova-scheduler)
[root@ct ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
● Edit the nova configuration file (nova.conf)
[root@ct ~]# cp -a /etc/nova/nova.conf{,.bak}
[root@ct ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
#Edit nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.238.13
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
#View nova.conf
[root@ct ~]# cat /etc/nova/nova.conf
[DEFAULT]
#API types to enable
enabled_apis = osapi_compute,metadata
#Local IP address
my_ip = 192.168.238.13
#Obtain IP addresses through neutron
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#RabbitMQ instance to connect to
transport_url = rabbit://openstack:RABBIT_PASS@ct
[api]
#Use keystone for authentication
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
#keystone authentication settings
[keystone_authtoken]
#URL to authenticate against
auth_url = http://ct:5000/v3
#memcached address:port
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
#Lock path
[oslo_concurrency]
#The lock serializes instance creation: each operation must finish before the next one starts, so the steps run one at a time rather than in parallel
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
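#If this section is misconfigured, the instance console cannot be reached
[vnc]
enabled = true
#Address the VNC server listens on
server_listen = $my_ip
#The server's proxy client address is this host's address, on the management network
server_proxyclient_address = $my_ip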
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
● Initialize the databases
#Initialize the nova_api database
[root@ct ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
● Register the cell0 database. Internally, nova partitions its resources, including the compute nodes, into cells; OpenStack uses cells to group compute nodes logically
[root@ct ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#Create the cell1 cell
[root@ct ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
42a693ed-3169-4f78-9421-50b7744d71b6
#Initialize the nova database; check the /var/log/nova/nova-manage.log log to confirm that initialization succeeded
[root@ct ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
#Use the following command to verify that cell0 and cell1 were registered successfully
[root@ct ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
| 名称 | UUID | Transport URL | 数据库连接 | Disabled |
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@c2/nova_cell0 | False |
| cell1 | 42a693ed-3169-4f78-9421-50b7744d71b6 | rabbit://openstack:****@c2 | mysql+pymysql://nova:****@c2/nova | False |
+-------+--------------------------------------+----------------------------+-----------------------------------------+----------+
● Start the Nova services
[root@ct ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
If the placement component has not been deployed, this step fails with an error
[root@ct ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
● Check the nova service ports
[root@ct ~]# netstat -tnlup|egrep '8774|8775'
tcp 0 0 0.0.0.0:8775 0.0.0.0:* LISTEN 36518/python2
tcp 0 0 0.0.0.0:8774 0.0.0.0:* LISTEN 36518/python2
[root@ct ~]# curl http://ct:8774
{
"versions": [{
"status": "SUPPORTED", "updated": "2011-01-21T11:33:21Z", "links": [{
"href": "http://c2:8774/v2/", "rel": "self"}], "min_version": "", "version": "", "id": "v2.0"}, {
"status": "CURRENT", "updated": "2013-07-23T11:33:21Z", "links": [{
"href": "http://c2:8774/v2.1/", "rel": "self"}], "min_version": "2.1", "version": "2.79", "id": "v2.1"}]}
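Configuring the Nova service on the compute nodes (c1/c2)
● Install the nova-compute component
yum -y install openstack-nova-compute
● Edit the configuration file
#The nova configuration files on c1 and c2 differ only in the IP address
cp -a /etc/nova/nova.conf{,.bak}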
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.238.12
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.238.13:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
#The resulting configuration file:
[root@c1 nova]# cat nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@ct
my_ip = 192.168.238.11
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://ct:5000/v3
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
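#Special case: the IP address must be set by hand here; otherwise, once the deployment is complete, the instances cannot be reached through the UI console
novncproxy_base_url = http://192.168.238.13:6080/vnc_auto.html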
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
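A check for the settings in the two nova.conf files above that suit a lab walkthrough but should be caught before the file is reused elsewhere, as an added example that is not part of the original post. The function names `audit_nova_conf` and `sample_conf`, the issue labels and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a nova.conf for lab-only settings.
# audit_nova_conf [FILE] prints one finding per line as "SECTION KEY ISSUE".
audit_nova_conf() {
    LC_ALL=C awk '
    /^[ \t]*\[/ {                          # remember the current [section]
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }   # blank lines and full-line comments
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # oslo.config keeps trailing "#..." text as part of the value.
        if (val ~ /[ \t]#/) {
            print sec, key, "inline-comment"
            sub(/[ \t]+#.*$/, "", val)
        }
        # Guide placeholders (NOVA_PASS, NOVA_DBPASS, RABBIT_PASS, ...) left unchanged,
        # either as the whole value or as the password part of a URL.
        if ((":" val "@") ~ /:[A-Z]+_(DB)?PASS@/)
            print sec, key, "placeholder-secret"
        # Service passwords and tokens cross the network unencrypted.
        if (val ~ /^http:\/\//)
            print sec, key, "cleartext-http"
        # VNC server bound to every interface rather than the management address.
        if (sec == "vnc" && key == "server_listen" && val == "0.0.0.0")
            print sec, key, "listen-all-interfaces"
    }' "${1:--}"
}

# Constructed sample, modelled on the compute-node file shown above.
sample_conf() {
cat <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct
my_ip = 192.168.238.11 #management address
[keystone_authtoken]
auth_url = http://ct:5000/v3
password = NOVA_PASS
[vnc]
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
EOF
}

# Audit the file given as $1, or the constructed sample when run without arguments.
if [ -n "${1:-}" ]; then
    audit_nova_conf "$1"
else
    sample_conf | audit_nova_conf
fi
```

Run it as `sh audit.sh /etc/nova/nova.conf` on each node; an empty result means none of the four patterns were found.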
● Start the services
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
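Operations on the ct node
● Check that the compute nodes have registered with the controller (registration goes through the message queue); run this on the controller node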
[root@ct ~]# openstack compute service list --service nova-compute
+----+--------------+------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+------+------+---------+-------+----------------------------+
| 7 | nova-compute | c1 | nova | enabled | up | 2021-03-17T11:24:45.000000 |
| 8 | nova-compute | c2 | nova | enabled | up | 2021-03-17T11:24:40.000000 |
+----+--------------+------+------+---------+-------+----------------------------+
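● Scan for the compute nodes currently available in OpenStack. Discovered compute nodes are added to a cell, after which instances can be created in that cell; in effect OpenStack groups compute nodes internally by assigning them to different cells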
[root@ct ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Getting computes from cell 'cell1': 42a693ed-3169-4f78-9421-50b7744d71b6
Checking host mapping for compute host 'c1': 9c139f88-c986-4f6e-9d76-5610e5468147
Creating host mapping for compute host 'c1': 9c139f88-c986-4f6e-9d76-5610e5468147
Checking host mapping for compute host 'c2': 9c85dabb-bf86-4f84-97df-0253911d1617
Creating host mapping for compute host 'c2': 9c85dabb-bf86-4f84-97df-0253911d1617
Found 2 unmapped computes in cell: 42a693ed-3169-4f78-9421-50b7744d71b6
Skipping cell0 since it does not contain hosts.
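● By default, a scan has to be run on the controller every time a compute node is added, which is tedious, so you can instead edit the main nova configuration file on the controller:
[root@ct ~]# vim /etc/nova/nova.conf
[scheduler]
#Scan every 300 seconds
discover_hosts_in_cells_interval = 300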
[root@ct ~]# systemctl restart openstack-nova-api.service
● Verify the compute node services
#Check that every nova service is healthy and that the compute services registered successfully
[root@ct ~]# openstack compute service list
+----+----------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | ct | internal | enabled | up | 2021-03-17T11:27:14.000000 |
| 4 | nova-scheduler | ct | internal | enabled | up | 2021-03-17T11:27:17.000000 |
| 7 | nova-compute | c1 | nova | enabled | up | 2021-03-17T11:27:15.000000 |
| 8 | nova-compute | c2 | nova | enabled | up | 2021-03-17T11:27:10.000000 |
+----+----------------+------+----------+---------+-------+----------------------------+
Check that each component's API is healthy
[root@ct ~]# openstack catalog list
+-----------+-----------+---------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+---------------------------------+
| placement | placement | RegionOne |
| | | admin: http://ct:8778 |
| | | RegionOne |
| | | internal: http://ct:8778 |
| | | RegionOne |
| | | public: http://ct:8778 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://ct:5000/v3/ |
| | | RegionOne |
| | | admin: http://ct:5000/v3/ |
| | | RegionOne |
| | | public: http://ct:5000/v3/ |
| | | |
| nova | compute | RegionOne |
| | | public: http://ct:8774/v2.1 |
| | | RegionOne |
| | | admin: http://ct:8774/v2.1 |
| | | RegionOne |
| | | internal: http://ct:8774/v2.1 |
| | | |
| glance | image | RegionOne |
| | | admin: http://ct:9292 |
| | | RegionOne |
| | | public: http://ct:9292 |
| | | RegionOne |
| | | internal: http://ct:9292 |
| | | |
+-----------+-----------+---------------------------------+
Check that images can be retrieved
[root@ct ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| ccfd5775-44a1-4748-95b0-55f4464faf7e | cirros | active |
+--------------------------------------+--------+--------+
Check that the cell API and the placement API are healthy; if either one is faulty, instances cannot be created later
[root@ct ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
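Summary
Nova is split across control nodes and compute nodes
Nova's core function is resource scheduling. What the configuration file has to express: where the authentication node is (URL, endpoint), which services are called, registration, the support provided, and so on; almost every parameter in the configuration file is set within this scope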