Openstack之路(四)计算服务Nova
Nova的概述Nova是Openstack云中的计算组织控制器。支持Openstack云中实例(Instances)生命周期的所有活动都由Nova处理。这样使得Nova成为一个负责管理计算资源、网络、认证、所需可扩展性的平台。但是Nova自身并没有提供任何虚拟化能力,相反它使用Libvirt API来与被支持的Hypervisors交互。Nova通过一个与Amazon Web Services(AWS)EC2 API兼容的Web Services API来对外提供服务。
Nova的组件
[*]Nova-API
Nova-API是整个Nova组件的门户,所有对Nova的请求都首先由Nova-API来处理,接收到外部的请求后通过Message Queue将请求发送给其它的服务组件。
[*]Nova-Scheduler
Nova-Scheduler负责决策虚拟机创建在那台主机(计算节点)上。
[*]Nova-Compute
Nova-Compute处理管理实例生命周期,通过Message Queue接收实例生命周期管理的请求,并承担操作工作。
[*]Nova-Conductor
Nova-Compute需要获取和更新数据库中Instance的信息,但是Nova-Compute并不会直接访问数据库,而是通过Nova-Conductor实现数据的访问。这样做有两个显著好处,其一更高的系统安全性,其二更好的系统伸缩性。
在Openstack的早期版本中,Nova-Compute可以直接访问数据库,但这样存在非常大的安全隐患。因为Nova-Compute这个服务是部署在计算节点上的,为了能够访问控制节点上的数据库,就必须在计算节点的/etc/nova/nova.conf中配置访问数据库的连接信息,试想任意一个计算节点被黑客入侵,都会导致部署在控制节点上的数据库面临极大风险。这样就避免了Nova-Compute直接访问数据库,增加了系统的安全性。
Nova-Conductor将Nova-Compute与数据库解耦之后还带来另一个好处就是提高了Nova的伸缩性。Nova-Compute与Conductor是通过消息中间件交互的,这种松散的架构允许配置多个Nova-Conductor实例,在一个大规模的Openstack部署环境里,管理员可以通过增加Nova-Conductor的数量来应对日益增长的计算节点对数据库的访问。
Nova的工作流程
安装配置控制节点
Nova的安装
[*]创建数据库服务的凭据以及API Endpoints
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[*]获得admin凭证来获取只有管理员能执行的命令的访问权限
# source admin-openrc
[*]要创建服务证书,完成这些步骤
创建nova用户
# openstack user create --domain default \
--password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 99f1a510951741419024f5d19227046c |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+
给nova用户添加admin角色
# openstack role add --project service --user nova admin
创建nova服务实体
# openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
创建Compute服务API端点
# openstack endpoint create --region RegionOne \
compute public http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | e1609436807842caae0caf293ae61882 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
# openstack endpoint create --region RegionOne \
compute internal http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 2f5db2a54b5b49b7aa8aa517e693778a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
# openstack endpoint create --region RegionOne \
compute admin http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 7b6d8e440ac14266b42508c9f6ca892b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
安装Nova相关软件包
# yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
# rpm -qa openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
openstack-nova-conductor-14.0.10-1.el7.noarch
openstack-nova-novncproxy-14.0.10-1.el7.noarch
openstack-nova-api-14.0.10-1.el7.noarch
openstack-nova-scheduler-14.0.10-1.el7.noarch
openstack-nova-console-14.0.10-1.el7.noarch
Nova的配置
[*]编辑/etc/nova/nova.conf文件并完成下面的操作
# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
# vim /etc/nova/nova.conf
在部分,只启用计算和元数据API
......
3052 enabled_apis = osapi_compute,metadata
在和部分,配置数据库的连接
......
3661 connection = mysql+pymysql://nova:nova@192.168.56.11/nova_api
......
4678 connection = mysql+pymysql://nova:nova@192.168.56.11/nova
在部分,配置RabbitMQ消息队列访问权限
......
3601 transport_url = rabbit://openstack:openstack@192.168.56.11
在和部分,配置认证服务访问
......
14 auth_strategy = keystone
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova
在 部分,启用网络服务支持
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver
在部分,配置VNC代理使用控制节点的管理接口IP地址
......
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.11
在区域,配置镜像服务API的位置
......
4815 api_servers = http://192.168.56.11:9292
在部分,配置锁路径
......
6707 lock_path = /var/lib/nova/tmp
[*]同步Compute数据库,可以忽略警告信息
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
# mysql -unova -pnova -e "use nova;show tables;"|wc -l
111
# mysql -unova -pnova -e "use nova_api;show tables;"|wc -l
21
[*]启动Compute服务,并将其设置为随系统启动
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl status openstack-nova-api.service
# systemctl status openstack-nova-consoleauth.service
# systemctl status openstack-nova-scheduler.service
# systemctl status openstack-nova-conductor.service
# systemctl status openstack-nova-novncproxy.service
Nova验证操作
# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | consoleauth | internal |
| linux-node1 | scheduler | internal |
+-------------+-------------+----------+
# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status| State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
|1 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-20T05:16:57.000000 |
|2 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-20T05:16:57.000000 |
|3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-20T05:16:57.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+
安装配置计算节点
Nova-Compute的安装
[*]添加Openstack仓库,安装Newton版
# yum -y install centos-release-openstack-newton
# rpm -qa centos-release-openstack-newton
centos-release-openstack-newton-1-2.el7.noarch
[*]安装Openstack客户端
# yum -y install python-openstackclient openstack-selinux
# rpm -qa python-openstackclient openstack-selinux
python-openstackclient-3.2.1-1.el7.noarch
openstack-selinux-0.8.11-1.el7.noarch
[*]安装Nova-Compute相关软件包
# yum -y install openstack-nova-compute
# rpm -qa openstack-nova-compute
openstack-nova-compute-14.0.10-1.el7.noarch
Nova-Compute的配置
[*]编辑/etc/nova/nova.conf文件并完成下面的操作
# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
# vim /etc/nova/nova.conf
在部分,只启用计算和元数据API
......
3052 enabled_apis = osapi_compute,metadata
在部分,配置RabbitMQ消息队列访问权限
......
3601 transport_url = rabbit://openstack:openstack@192.168.56.11
在和部分,配置认证服务访问
......
14 auth_strategy = keystone
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova
在部分,启用网络服务支持
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver
在部分,启用并配置远程控制台访问
......
8303 enabled = true
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.12
8357 novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html
在区域,配置镜像服务API的位置
......
4815 api_servers = http://192.168.56.11:9292
在部分,配置锁路径
......
6707 lock_path = /var/lib/nova/tmp
Nava-Compute验证操作
[*]确定您的计算节点是否支持虚拟机的硬件加速
# egrep -c '(vmx|svm)' /proc/cpuinfo
1
如果这个命令返回了one or greater的值,那么你的计算节点支持硬件加速且不需要额外的配置。
如果这个命令返回了zero值,那么你的计算节点不支持硬件加速。你必须配置libvirt来使用QEMU去代替KVM。
[*]启动计算服务及其依赖,并将其配置为随系统自动启动
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
# systemctl status libvirtd.service openstack-nova-compute.service
[*]获得admin凭证来获取只有管理员能执行的命令的访问权限
# source admin-openrc
[*]列出服务组件,以验证是否成功启动并注册了每个进程
# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | consoleauth | internal |
| linux-node1 | conductor | internal |
| linux-node1 | scheduler | internal |
| linux-node2 | compute | nova |
+-------------+-------------+----------+
# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status| State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
|1 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-20T05:52:58.000000 |
|2 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-20T05:52:57.000000 |
|3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-20T05:52:58.000000 |
|6 | nova-compute | linux-node2 | nova | enabled | up | 2018-01-20T05:53:02.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+
页:
[1]