目录
Compute service, code-named nova
Compute service, code-named nova
使用OpenStack Compute来托管和管理云计算系统。OpenStack Compute是基础架构即服务(IaaS)系统的重要组成部分。主要模块是用Python实现的。
OpenStack Compute与OpenStack Identity service、Image service、Dashboard交互,后者为其提供认证服务、磁盘和服务镜像服务、用户和管理接口。Image访问受到Project和User的限制; 每个Project的限额是有限的(例如,实例的数量)。OpenStack Compute可以在标准硬件上水平扩展,并下载Image以启动实例。
安装和配置(控制节点)
先决条件
- 创建数据库
# su - xiao
$ mysql -u root -p
创建nova_api,nova, and nova_cell0数据库
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
授权三个数据库给nova用户
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
验证授权
MariaDB [mysql]> show grants for nova;
MariaDB [mysql]> select host,user from mysql.user where user like '%nova%';
MariaDB [(none)]> exit
- 创建nova[W用1] 用户
$ source /etc/openstack/admin-openrc
$ openstack user create --domain default --password-prompt nova
- 将admin角色绑给service项目、nova用户
$ openstack role add --project service --user nova admin
##查看角色分配情况
$ openstack role assignment list --user= nova
- 创建nova服务
openstack service create --name nova \
--description "OpenStack Compute" compute
- 创建nova服务的endpoint
openstack endpoint create --region RegionOne \
compute public http://controller-150:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller-150:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller-150:8774/v2.1
##验证创建的endpoint
$ openstack endpoint list --service nova
- 创建Placement [W用2] service 用户:placement
$ openstack user create --domain default --password-prompt placement
- 将admin角色赋予placement用户
$ openstack role add --project service --user placement admin
##查看角色分配情况
$ openstack role assignment list --user= placement
- 创建Placement API服务
$ openstack service create --name placement --description "Placement API" placement
- 创建Placement API服务的endpoint
openstack endpoint create --region RegionOne placement public http://controller-150:8778
openstack endpoint create --region RegionOne placement internal http://controller-150:8778
openstack endpoint create --region RegionOne placement admin http://controller-150:8778
##验证
$ openstack endpoint list --service=placement
安装和配置组件
- 安装软件包
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
- 编辑配置文件/etc/nova/nova.conf
# vi /etc/nova/nova.conf
查找下面的关键字,并取消enabled_apis前面的注释
/enabled_apis
/transport_url
/my_ip
/use_neutron
/firewall_driver
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller-150
my_ip=192.168.11.150
##my_ip配置的是管理IP
use_neutron=true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
/\[api_database
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller-150/nova_api
/\[database
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller-150/nova
/auth_strategy
[api]
# ...
auth_strategy = keystone
/\[keystone_authtoken
[keystone_authtoken]
# ...
auth_url = http://controller-150:5000/v3
memcached_servers = controller-150:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 你的密码
/\[vnc
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
/[glance
[glance]
# ...
api_servers = http://controller-150:9292
/\[oslo_concurrency
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
/\[placement
os_region_name is DEPRECATED,Use the region_name option instead.
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller-150:5000/v3
username = placement
password = PLACEMENT_PASS
openstack-nova-placement-api-15.0.0-1.el7.noarch存在BUG,需要编辑
/etc/httpd/conf.d/00-nova-placement-api.conf。但是现在我使用的是:
openstack-nova-placement-api-17.0.10-1.el7.noarch,应该不需要再处理了。后来创建Instance的时候出错了。。看来是我想多了[W用3] 。。需要将
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
添加到00-nova-placement-api.conf的最后。
- 重启httpd服务
systemctl restart httpd && systemctl status httpd
- 向mariadb中导入数据
##向nova-api导入数据
# su -s /bin/sh -c "nova-manage api_db sync" nova
经验证, nova-api数据库有32张表。
##注册cell0数据库 --- 非导入数据
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
##创建cell1 cell --- 非导入数据
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
2591a44a-a8ea-421e-bde0-f0e3087db102
##向nova-api导入数据
# su -s /bin/sh -c "nova-manage db sync" nova
警告信息:(可忽略)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
经验证有110张表。
- 验证nova、cell0、cell1已经注册成
# nova-manage cell_v2 list_cells
完成安装
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
检查服务状态
systemctl status openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
添加防火墙策略
nova-api: 8774\ 8775
nova-novncproxy:6080
httpd-placement:8778
firewall-cmd --add-port 8774/tcp --add-port 8775/tcp --add-port 6080/tcp --add-port 8778/tcp --permanent
firewall-cmd --reload && firewall-cmd --list-ports
具体参见:
https://docs.openstack.org/nova/queens/install/controller-install-rdo.html