文章目录
OpenStack-nova组件部署案例
环境:
软件:VMware Xshell
20.0.0.100(controller)
nova-api(nova主服务)
nova-scheduler(nova调度服务)
nova-conductor(nova数据库服务,提供数据库访问)
nova-novncproxy(nova的vnc服务,提供实例的控制台)
nova计算节点:
20.0.0.101(ct1)
20.0.0.102(ct2)
nova-compute(nova计算服务)
部署思路:
Nova分为控制节点、计算节点
Nova组件核心功能是调度资源,在配置文件中需要体现的部分:
指向认证节点位置(URL、ENDPOINT)、调用服务、注册、提供支持等,配置文件中的所有配置参数基本都是围绕此范围(对实例生命周期管理)进行设置
一.计算节点Nova服务配置
1.创建nova数据库,并执行授权操作
[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
2.管理Nova用户及服务
创建nova用户
[root@controller ~]# openstack user create --domain default --password NOVA_PASS nova
把nova用户添加到service项目,拥有admin权限
[root@controller ~]# openstack role add --project service --user nova admin
创建nova服务
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
给Nova服务关联endpoint(端点:8774)
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
3.安装nova组件(nova-api、nova-conductor、nova-novncproxy、nova-scheduler)
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
修改nova配置文件(nova.conf)
[root@controller ~]# cp -a /etc/nova/nova.conf{
,.bak}
[root@controller ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.100 修改为 controller的IP(内部IP)
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
[root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
[root@controller ~]# openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[root@controller ~]# openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
[root@controller ~]# openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
[root@controller ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
[root@controller ~]# openstack-config --set /etc/nova/nova.conf vnc enabled true
[root@controller ~]# openstack-config --set /etc/nova/nova.conf vnc server_listen ' $my_ip'
[root@controller ~]# openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
[root@controller ~]# openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
[root@controller ~]# openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement project_name service
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement auth_type password
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement username placement
[root@controller ~]# openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
查看nova.conf
[root@controller ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata 指定支持的api类型
my_ip = 20.0.0.100 定义本地IP
use_neutron = true 通过neutron获取IP地址
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@controller 指定连接的rabbitmq
[api]
auth_strategy = keystone 指定使用keystone认证
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken] 配置keystone的认证信息
auth_url = http://controller:5000/v3 到此url去认证
memcached_servers = controller:11211 memcache数据库地址:端口
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency] 指定锁路径
lock_path = /var/lib/nova/tmp 锁的作用是创建虚拟机时,在执行某个操作的时候,需要等此步骤执行完后才能执行下一个步骤,不能并行执行,保证操作是一步一步的执行
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc] 此处如果配置不正确,则连接不上虚拟机的控制台
enabled = true 是否启用,启用
server_listen = $my_ip 指定vnc的监听地址
server_proxyclient_address = $my_ip server的客户端地址为本机地址;此地址是管理网的地址
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement 对接数据库
二.初始化数据库
初始化nova_api数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
注册cell0数据库
注:nova服务内部把资源划分到不同的cell中,把计算节点划分到不同的cell中;openstack内部基于cell把计算节点进行逻辑上的分组
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
创建cell1单元格
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
初始化nova数据库
注:可以通过 /var/log/nova/nova-manage.log 日志判断是否初始化成功
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
命令验证cell0和cell1是否注册成功
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
5.启动Nova服务,检查nova服务端口
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# netstat -tnlup|egrep '8774|8775'
[root@controller ~]# curl http://controller:8774
计算节点配置Nova服务-ct1,ct2节点
注:注意配置文件中ip地址不同
安装nova-compute组件
yum -y install openstack-nova-compute
如果安装不上:
注:可是你前面基础环境部署没安装好
yum -y install openstack-nova-compute
修改Nova配置文件
cp -a /etc/nova/nova.conf{
,.bak}
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.101 (20.0.0.102) 修改为对应节点1,2的内部IP
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.100.11:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
查看配置内容
[root@compute01 nova]# cat nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 20.0.0.101
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu 调用底层虚拟化资源
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency] 保持串行操作
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0 监听所有端口
server_proxyclient_address = $my_ip
novncproxy_base_url = http://20.0.0.100:6080/vnc_auto.html (域名跳转设置)比较特殊的地方,需要手动添加IP地址,否则之后搭建成功后,无法通过UI控制台访问到内部虚拟机
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
开启libvirtd服务(实时同步)
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
三.验证controller节点配置
查看compute节点是否注册到controller上,通过消息队列;需要在controller节点执行
[root@controller ~]# openstack compute service list --service nova-compute
扫描当前openstack中有哪些计算节点可用,发现后会把计算节点创建到cell中,后面就可以在cell中创建虚拟机;相当于openstack内部对计算节点进行分组,把计算节点分配到不同的cell中
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
默认每次添加个计算节点,在控制端就需要执行一次扫描,这样会很麻烦,所以可以修改控制端nova的主配置文件
[root@controller ~]# vim /etc/nova/nova.conf
...
[scheduler]
discover_hosts_in_cells_interval = 300 每300秒扫描一次
[root@controller ~]# systemctl restart openstack-nova-api.service
五.验证计算节点服务
检查 nova 的各个服务是否都是正常,以及 compute 服务是否注册成功
[root@controller ~]# openstack compute service list
查看各个组件的 api 是否正常
[root@controller ~]# openstack catalog list
查看是否能够拿到镜像
[root@controller ~]# openstack image list
查看cell的api和placement的api是否正常,只要其中一个有误,后期无法创建虚拟机
[root@controller ~]# nova-status upgrade check
