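I. Overview
Use the OpenStack Compute service to host and manage cloud computing systems. OpenStack Compute is a major part of an Infrastructure-as-a-Service (IaaS) system, and its modules are implemented mainly in Python.
OpenStack Compute calls the OpenStack Identity service for authentication, requests disk images from the OpenStack Image service, and provides the user and administrator interface for the OpenStack dashboard. Access to disk images is restricted by project and by user; quotas are set per project (for example, how many instances can be created in each project). OpenStack Compute scales horizontally on standard hardware and downloads disk images to launch virtual machine instances.
The OpenStack Compute service consists of the following components:
nova-api service: accepts and responds to all Compute service requests and manages the virtual machine (instance) lifecycle.
nova-api-metadata service: accepts metadata requests sent by virtual machines.
nova-compute service (several): does the actual virtual machine management (nova-compute calls libvirt).
nova-scheduler service: the nova scheduler (picks the most suitable nova-compute to create a virtual machine on).
nova-conductor module: acts as a proxy for nova-compute when updating virtual machine state in the database.
nova-cert module: a server daemon that serves the Nova Cert service for X509 certificates. Used to generate certificates for euca-bundle-image. Only used for EC2 API requests.
nova-network worker daemon: similar to the nova-compute service, it accepts networking tasks from the queue and manipulates the network. It performs tasks such as creating bridged interfaces or changing iptables rules.
nova-consoleauth daemon and nova-novncproxy daemon: web-based VNC for operating instances directly.
nova-spicehtml5proxy daemon: provides a proxy for accessing running instances through the SPICE protocol; supports a browser-based HTML5 client.
nova-xvpvncproxy daemon: provides a proxy for accessing running instances through the VNC protocol; supports an OpenStack-specific Java client.
nova-cert daemon: X509 certificates.
nova client: lets users submit commands as a tenant administrator or end user.
Queue: a central hub for passing messages between daemons.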
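1. Before installing and configuring the Nova Compute service, you must create the databases, service credentials, and API endpoints.
1) Make sure MariaDB is installed, then use the database client to connect to the database server as the root user
[root@controller ~]# mysql -u root -p #log in as the root user
Enter password: (password: whj1218)
2) Create the databases nova, nova_api, nova_cell0, and placement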
MariaDB [(none)]> CREATE DATABASE nova; #create the nova database
MariaDB [(none)]> CREATE DATABASE nova_api; #create the nova_api database
MariaDB [(none)]> CREATE DATABASE nova_cell0; #create the nova_cell0 database
MariaDB [(none)]> CREATE DATABASE placement; #create the placement database
MariaDB [(none)]> show databases; #list the databases
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| nova_cell0 |
| performance_schema |
| placement |
+--------------------+
3) Grant the appropriate account access to the databases created above
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'whj1218' ;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'nova'@'localhost' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'nova'@'%' IDENTIFIED BY 'whj1218';
MariaDB [(none)]> select user,host from mysql.user;
+----------+-----------+
| user | host |
+----------+-----------+
| glance | % |
| keystone | % |
| nova | % |
| root | 127.0.0.1 |
| root | ::1 |
| glance | localhost |
| keystone | localhost |
| nova | localhost |
| root | localhost |
+----------+-----------+
MariaDB [(none)]> quit #exit the database client
2. Register the nova service in Keystone
1) Create the nova user in Keystone
[root@controller ~]# source keystone-admin-pass.sh #load the admin credential environment variables
[root@controller ~]# openstack user create --domain default --password=whj1218 nova #create the nova user
[root@controller ~]# openstack user create --domain default --password-prompt nova #or prompt for the password instead
User Password: (password: whj1218)
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d41274fd47e044d4baef61aeef98d0c8 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack user list #list the users
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 4640a445474e44abba73328aa81a805b | admin |
| 9c1f982fc354433dbea4d060681619bf | myuser |
| 0356c4d61dcf4afb9d8df45c1dea3ffc | my_user |
| b2f7c49185004822957e5e40227b833a | glance |
| d41274fd47e044d4baef61aeef98d0c8 | nova |
+----------------------------------+---------+
2) In Keystone, grant the nova user the admin role and add it to the service project
[root@controller ~]# openstack role add --project service --user nova admin
3) Create the nova Compute service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 3a4e43c903d14e2f9f8839d55b62e360 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack service list #list the services
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 04289507c30f41faa7ba4e5f730db3d0 | glance | image |
| 3a4e43c903d14e2f9f8839d55b62e360 | nova | compute |
| 5bf0447c80e44bc5a68d8ccc554d81e8 | keystone | identity |
+----------------------------------+----------+----------+
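4) Create the API endpoints for the Compute service
Create the endpoints
OpenStack uses three API endpoint variants for each service: admin, internal, and public. By default, the admin API endpoint allows modifying users and tenants, while the public and internal APIs do not allow these operations. In a production environment, for security reasons, the variants might reside on separate networks that serve different types of users. For example, the public API network might be visible from the Internet so that customers can manage their own clouds. The admin API network might be restricted to operators within the organization that manages the cloud infrastructure. The internal API network might be restricted to the hosts that contain OpenStack services. In addition, OpenStack supports multiple regions for scalability. For simplicity, this guide uses the management network for all endpoint variants and the default RegionOne region.
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 #create the public endpoint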
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 79d5319675d34bc89bd4e1775f8477fd |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3a4e43c903d14e2f9f8839d55b62e360 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 #create the internal endpoint
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1098726adea6413ab5a222547b0d203a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3a4e43c903d14e2f9f8839d55b62e360 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 #create the admin endpoint
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 817b9881d0db41549c4ce48c6b13d8ba |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3a4e43c903d14e2f9f8839d55b62e360 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint list #list all endpoints
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 03317d828e5944daaa9b9806c92b6319 | RegionOne | glance | image | True | public | http://controller:9292 |
| 1098726adea6413ab5a222547b0d203a | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1 |
| 3ad1568a787d467893daf154e65d60d2 | RegionOne | glance | image | True | internal | http://controller:9292 |
| 6d5e77dc42a243c5810c29f679a486f8 | RegionOne | glance | image | True | admin | http://controller:9292 |
| 79d5319675d34bc89bd4e1775f8477fd | RegionOne | nova | compute | True | public | http://controller:8774/v2.1 |
| 817b9881d0db41549c4ce48c6b13d8ba | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1 |
| bcbf96c2a7d54d1181d75e752eb1642d | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| d41a39b417964676b6cfea658a7f3d01 | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
| f25f1eab7c8b4c4489f1c84234be9912 | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
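The endpoint layout registered above can be checked against the separation described in step 4. This is an added example, not part of the original guide: it audits rows in the shape `openstack endpoint list -f json` produces, the sample rows are constructed from the nova entries in the table above, and the `nova-split` service with its hostnames is hypothetical.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the nova rows from the table above as `-f json` would
# emit them (trimmed to the keys used here), plus a hypothetical service
# "nova-split" whose three variants sit on separate networks over TLS.
SAMPLE = json.dumps([
    {"Service Name": "nova", "Interface": "public", "URL": "http://controller:8774/v2.1"},
    {"Service Name": "nova", "Interface": "internal", "URL": "http://controller:8774/v2.1"},
    {"Service Name": "nova", "Interface": "admin", "URL": "http://controller:8774/v2.1"},
    {"Service Name": "nova-split", "Interface": "public", "URL": "https://api.cloud.example:8774/v2.1"},
    {"Service Name": "nova-split", "Interface": "internal", "URL": "https://nova.internal.example:8774/v2.1"},
    {"Service Name": "nova-split", "Interface": "admin", "URL": "https://nova.mgmt.example:8774/v2.1"},
])
ROWS = json.loads(SAMPLE)

VARIANTS = {"public", "internal", "admin"}


def audit_endpoints(rows):
    """Return sorted (service, finding) pairs for a parsed endpoint list."""
    by_service = defaultdict(dict)
    findings = set()
    for row in rows:
        url = urlsplit(row["URL"])
        by_service[row["Service Name"]][row["Interface"]] = url.hostname
        if url.scheme != "https":
            findings.add((row["Service Name"], "plaintext-http"))
    for service, hosts in by_service.items():
        missing = VARIANTS - set(hosts)
        if missing:
            findings.add((service, "missing:" + ",".join(sorted(missing))))
        # Same host for public and admin: the admin API is exposed wherever
        # the public one is, so network separation cannot apply.
        if "public" in hosts and hosts.get("admin") == hosts["public"]:
            findings.add((service, "admin-on-public-host"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_endpoints(ROWS):
        print(f"{service}: {finding}")
```
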
5) Create the placement service credentials
[root@controller ~]# openstack user create --domain default --password=whj1218 placement
[root@controller ~]# openstack user create --domain default --password-prompt placement #create the placement user
User Password: (password: whj1218)
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d7bc1525577b4800b1893077da1c1b26 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin #in Keystone, grant the placement user the admin role and add it to the service project
[root@controller ~]# openstack service create --name placement --description "Placement API" placement #create the API service entity for the placement service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 06057671fff0479682a1d2ef1b3f710b |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create the API endpoints for the placement service
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e6e34f670f8941c6b37fc74ca0ad7522 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 06057671fff0479682a1d2ef1b3f710b |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ca654b06a0694735865181664b1d627f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 06057671fff0479682a1d2ef1b3f710b |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 128f6b340dbe4a88bef0217208efd751 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 06057671fff0479682a1d2ef1b3f710b |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 03317d828e5944daaa9b9806c92b6319 | RegionOne | glance | image | True | public | http://controller:9292 |
| 1098726adea6413ab5a222547b0d203a | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1 |
| 128f6b340dbe4a88bef0217208efd751 | RegionOne | placement | placement | True | admin | http://controller:8778 |
| 3ad1568a787d467893daf154e65d60d2 | RegionOne | glance | image | True | internal | http://controller:9292 |
| 6d5e77dc42a243c5810c29f679a486f8 | RegionOne | glance | image | True | admin | http://controller:9292 |
| 79d5319675d34bc89bd4e1775f8477fd | RegionOne | nova | compute | True | public | http://controller:8774/v2.1 |
| 817b9881d0db41549c4ce48c6b13d8ba | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1 |
| bcbf96c2a7d54d1181d75e752eb1642d | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| ca654b06a0694735865181664b1d627f | RegionOne | placement | placement | True | internal | http://controller:8778 |
| d41a39b417964676b6cfea658a7f3d01 | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
| e6e34f670f8941c6b37fc74ca0ad7522 | RegionOne | placement | placement | True | public | http://controller:8778 |
| f25f1eab7c8b4c4489f1c84234be9912 | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
3. Install the nova services on the controller node
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
[root@controller ~]# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@controller ~]# grep "^[a-z[]" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis=osapi_compute,metadata
my_ip=192.168.136.134
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
transport_url=rabbit://openstack:whj1218@controller
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:whj1218@controller/nova_api
...........
[database]
connection = mysql+pymysql://nova:whj1218@controller/nova
........
[glance]
api_servers = http://controller:9292
..........
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers=controller:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
password=whj1218
.......
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
..........
[placement]
region_name=RegionOne
project_domain_name=Default
project_name=service
auth_type=password
user_domain_name=Default
auth_url=http://controller:5000/v3
username=placement
password=whj1218
...........
[vnc]
enabled=true
server_listen=$my_ip
.............
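The nova.conf above carries service secrets inline in `transport_url`, `connection` and `password`, and points `auth_url` at plain HTTP. The following added example (not from the original guide) reports where one secret is reused across sections and which sections authenticate over HTTP; the sample file is constructed, and `EXAMPLE_PASS` and `OTHER_PASS` are placeholders.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample laid out like the nova.conf above. EXAMPLE_PASS and
# OTHER_PASS are placeholders, not values from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
transport_url=rabbit://openstack:EXAMPLE_PASS@controller
[api_database]
connection = mysql+pymysql://nova:EXAMPLE_PASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:EXAMPLE_PASS@controller/nova
[keystone_authtoken]
auth_url = http://controller:5000/v3
username=nova
password=EXAMPLE_PASS
[placement]
auth_url=http://controller:5000/v3
username=placement
password=OTHER_PASS
"""


def audit_conf(text):
    """Report where secrets are reused and where auth_url is plain HTTP."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # instead of being merged into every other section.
    cp = configparser.ConfigParser(
        interpolation=None, default_section="__unused__", strict=False)
    cp.read_string(text)
    locations = defaultdict(list)   # secret value -> ["[section]option", ...]
    plaintext_auth = []
    for section in cp.sections():
        for option, value in cp.items(section):
            if option.endswith("password"):
                secret = value
            elif "://" in value:
                secret = urlsplit(value).password   # user:secret@host URLs
            else:
                secret = None
            if secret:
                locations[secret].append(f"[{section}]{option}")
            if option == "auth_url" and value.startswith("http://"):
                plaintext_auth.append(section)
    reused = sorted(loc for locs in locations.values()
                    if len(locs) > 1 for loc in locs)
    # Only locations are returned, never the secret values themselves.
    return {"reused": reused, "plaintext_auth": sorted(plaintext_auth)}


if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```
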
3) Create the configuration file /etc/httpd/conf.d/00-nova-placement-api.conf
[root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
Listen 8778
<VirtualHost *:8778>
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
WSGIScriptAlias / /usr/bin/nova-placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/nova/nova-placement-api.log
#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>
Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Append the following block at the end of the file
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Restart the httpd service and check its status
[root@controller ~]# systemctl restart httpd
[root@controller ~]# systemctl status httpd
4. Sync the nova databases (mind the order)
nova_api has 32 tables, placement has 32 tables, nova_cell0 has 110 tables, and nova also has 110 tables
1) Initialize the nova-api and placement databases
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
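Verify the databases
[root@controller ~]# mysql -h192.168.136.134 -unova -pwhj1218 -e "use nova_api;show tables;" #32 tables
[root@controller ~]# mysql -h192.168.136.134 -unova -pwhj1218 -e "use placement;show tables;"
Comparing the two shows that nova_api and placement each have 32 tables; the difference is that the cell_mappings table in the nova_api database has two more rows, which hold configuration such as the nova and rabbitmq settings
2) Initialize the nova_cell0 and nova databases
Register the cell0 database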
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
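Initialize the nova database
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova # two warnings appeared here; they are not serious and will be fixed in a later release, and re-running the command no longer reports them
Check that cell0 and cell1 were registered successfully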
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 84a45fca-3cda-432e-b67d-118afd69ab54 | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
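The returned data is stored in the cell_mappings table of the nova_api database
Verify the databases
[root@controller ~]# mysql -h192.168.136.134 -unova -pwhj1218 -e "use nova_cell0;show tables;"
[root@controller ~]# mysql -h192.168.136.134 -unova -pwhj1218 -e "use nova;show tables;"
Comparing the two shows that the tables in these two databases are currently identical; the difference is that the service table in the nova database has 4 rows, which hold the registration records of the current version's nova services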
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service #start the services
[root@controller ~]# systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service #check the service status
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service #enable start on boot
[root@controller ~]# systemctl list-unit-files | grep 'openstack-nova' | grep enabled #check that all of them are enabled at boot
openstack-nova-api.service enabled
openstack-nova-conductor.service enabled
openstack-nova-consoleauth.service enabled
openstack-nova-novncproxy.service enabled
openstack-nova-scheduler.service enabled
This completes the installation of the nova Compute service on the controller node.