Compute service overview 计算服务概述

OpenStack用于对主机的计算和管理云计算系统。OpenStack的计算是一个基础设施即服务(IaaS)系统的一个重要组成部分。主要模块是用python实现的。

OpenStack计算与OpenStack身份验证交互用来完成认证;OpenStack镜像服务用于磁盘和服务器镜像;用户和管理接口为OpenStack Dashboard。镜像访问受到项目和用户的限制,每个项目的配额是有限的(例如,实例的数量)。OpenStack计算可以在标准硬件上水平缩放,并将镜像下载来启动实例。

OpenStack计算包括以下领域及其组件:

nova-api service:接受并响应终端用户计算API调用。服务支持OpenStack Compute API,亚马逊EC2 API,以及一些特权用户为了执行管理动作的特殊的 Admin API 。它强制执行一些策略并启动很多编排动作,例如运行实例。

nova-api-metadata service:接受来自实例的元数据请求。当您在多主机模式下运行nova-network安装时,通常使用它。

nova-compute service:通过hypervisor APIs来创建和终止虚拟机实例的后台工作守护程序。例如:

XenAPI for XenServer/XCP

libvirt for KVM or QEMU

VMwareAPI for VMware

处理相当复杂。基本上,守护进程接收来自队列的动作和执行一系列的系统命令,例如创建KVM实例并更新它的状态到数据库。

nova-placement-api service:跟踪每个提供者的库及使用情况。

nova-scheduler service:从队列获取虚拟机实例请求并确定它要在哪个计算服务器主机运行。

nova-conductor module位于nova-compute和数据库的中间层,用来避免nova-compute与数据库直接进行交互。不要将其部署到nova-compute service运行的节点上。

nova-consoleauth daemon:授权控制台代理提供的用户令牌。次服务必须运行,控制台代理服务才能工作。

nova-novncproxy daemon:通过一个VNC连接来提供一个代理访问运行中的实例。支持基于浏览器的novnc客户端

nova-spicehtml5proxy daemon:通过一个SPICE连接来提供一个代理访问运行中的实例。支持基于浏览器的HTML5客户端

nova-xvpvncproxy daemon:通过一个VNC连接来提供一个代理访问运行中的实例。支持OpenStack-specific Java客户端

The queue

  在各进程间传递消息的消息队列服务,通常使用RabbitMQ,也可以用其它的AMQP消息队列实现,如ZeroMQ

SQL database

  存储云基础架构的构建时和运行时的状态。包含:

 Available instance types

 Instances in use

 Available networks

 Projects

 

controller上安装计算服务nova

 

前提准备工作:

   在安装nova之前,必须创建databases, service credentials, API endpoints.

1、使用root登陆数据库  

[root@controller ~]# mysql -u root -p123.com

2、创建nova_api,novanova_cell0数据库

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;

Query OK, 1 row affected (0.00 sec)

3、授权访问新创建的数据库。

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

4、授权admin访问命令行

[root@controller ~]# source  admin_keystone

5、创建计算服务凭证

创建onva用户

[root@controller ~]# openstack user create --domain default --password-prompt nova

User Password:123.com

Repeat User Password:123.com

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 4ff900fa39444bd4b2d915256db6cc64 |

| name                | nova                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

nova用户加入到admin角色和service项目

[root@controller ~]# openstack role add --project service --user nova admin

该命令没有输出

创建nova服务项目

[root@controller ~]#openstack role add --project service --user nova admin   
[root@controller ~]#openstack service create --name nova  --description "OpenStack Compute" compute

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Compute                |

| enabled     | True                             |

| id          | 63ffd9242b8d417ea6dc3539b277643f |

| name        | nova                             |

| type        | compute                          |

+-------------+----------------------------------+

 

6、创建计算服务service endpoints

[root@controller ~]#openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 321778d997f44024b6e237bb02cc0019 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 63ffd9242b8d417ea6dc3539b277643f |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f3d795a403bb4f1f8ebb2e26908a16d9 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 63ffd9242b8d417ea6dc3539b277643f |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e33f5c4173f547c3a9934c7ea772a27d |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 63ffd9242b8d417ea6dc3539b277643f |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

 

7、创建Placement用户

[root@controller ~]# openstack user create --domain default --password-prompt placement

User Password:123.com

Repeat User Password:123.com

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | a25410b4c41f4678ae66f0e292b744bf |

| name                | placement                        |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

8、添加Placement用户到admin角色

[root@controller ~]# openstack role add --project service --user placement admin

9、创建placement API服务项

[root@controller ~]# openstack service create --name placement --description "Placement API" placement

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Placement API                    |

| enabled     | True                             |

| id          | e6a72cf6bb934d229886837287b80078 |

| name        | placement                        |

| type        | placement                        |

+-------------+----------------------------------+

10、创建Placement API service endpoints:

[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 1f12d0c0667844158364bb94fdd69414 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | e6a72cf6bb934d229886837287b80078 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | ee9470cd82dc440d8268c2b2629ac8ca |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | e6a72cf6bb934d229886837287b80078 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 373a3cf57d1a4161a498a80d2405a585 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | e6a72cf6bb934d229886837287b80078 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

 

 

安装和配置nova

1、安装包

[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api

2、编辑/etc/nova/nova.conf配置文件,完成以下设置

[root@controller ~]# vim  /etc/nova/nova.conf

  [DEFAULT]部分激活仅computemetadata APIs:

[DEFAULT]

# ...

enabled_apis = osapi_compute,metadata

  [api_database][database]部分配置数据库连接

[api_database]

# ...

connection = mysql+pymysql://nova:123.com@controller/nova_api

 

[database]

# ...

connection = mysql+pymysql://nova:123.com@controller/nova

   [DEFAULT]部分配置到RabbitMQ消息队列的访问

[DEFAULT]

# ...

transport_url = rabbit://openstack:123.com@controller

   [api][keystone_authtoken]部分配置身份验证服务的访问

[api]

# ...

auth_strategy = keystone

 

[keystone_authtoken]

# ...

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 123.com

[DEFAULT]部分配置my_ip选项,地址指向controller管理IP地址

[DEFAULT]

# ...

my_ip = 10.0.0.11

  [DEFAULT]部分配置对于网络服务的支持

[DEFAULT]

# ...

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

  [vnc]部分配置VNC代理,使用controller管理接口IP地址

[vnc]

enabled = true

# ...

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

  [glance]部分配置本地镜像服务API

[glance]

# ...

api_servers = http://controller:9292

  [oslo_concurrency]配置锁定路径

[oslo_concurrency]

# ...

lock_path = /var/lib/nova/tmp

  [placement]部分配置Placement API

[placement]

# ...

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:35357/v3

username = placement

password = 123.com

  为了解决包的bug,你必须将以下配置添加到/etc/httpd/conf.d/00-nova-placement-api.conf文件中,来激活Placement API的访问

[root@controller ~]#vim  /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>

   <IfVersion >= 2.4>

      Require all granted

   </IfVersion>

   <IfVersion < 2.4>

      Order allow,deny

      Allow from all

   </IfVersion>

</Directory>

   重新启动httpd服务

[root@controller ~]# systemctl restart httpd.service

3、初始nova_api数据库

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

4、注册cell0数据库

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

5、创建cell

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a

6、初始nova数据库

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

7、检查nova cell0和cell1是否正确注册

[root@controller ~]# nova-manage cell_v2 list_cells

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

|  Name |                 UUID                 |           Transport URL            |               Database Connection               |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |

| cell1 | 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

 

完成安装:

启动计算服务并设置开机启动

 

[root@controller ~]# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service


 

compute上安装nova

本节描述如何在计算节点上安装和配置计算服务。服务支持多种hypervisors部署实例或虚拟机(VM)。为简单起见,这个配置使用带KVMQEMU扩展计算节点,需要硬件支持虚拟机的硬件加速。在传统的硬件,这样的配置使用通用的QEMU虚拟机管理程序。

安装和配置:

1、安装包

[root@compute1 ~]# yum -y install openstack-nova-compute

2、编辑和配置/etc/nova/nova.conf完成以下设置

[root@compute1 ~]vim /etc/nova/nova.conf

[DEFAULT]部分激活仅computemetadata APIs:

[DEFAULT]

# ...

enabled_apis = osapi_compute,metadata

   [DEFAULT]部分配置到RabbitMQ消息队列的访问

[DEFAULT]

# ...

transport_url = rabbit://openstack:123.com@controller

   [api][keystone_authtoken]部分配置身份验证服务的访问

[api]

# ...

auth_strategy = keystone

 

[keystone_authtoken]

# ...

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 123.com

[DEFAULT]部分配置my_ip选项,地址指向controller管理IP地址

[DEFAULT]

# ...

my_ip = 10.0.0.31

  [DEFAULT]部分配置对于网络服务的支持

[DEFAULT]

# ...

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

      [vnc]部分,配置并激活远程console访问。

[vnc]

# ...

enabled = True

vncserver_listen = 0.0.0.0     侦听所有的IP地址

vncserver_proxyclient_address = $my_ip   自己的管理IP地址

novncproxy_base_url = http://controller:6080/vnc_auto.html

基本URL表示您可以在本地使用Web浏览器访问此计算节点上实例的远程控制台的位置。可以将名字换成IP地址。

[glance]部分配置本地镜像服务API

[glance]

# ...

api_servers = http://controller:9292

  [oslo_concurrency]配置锁定路径

[oslo_concurrency]

# ...

lock_path = /var/lib/nova/tmp

  [placement]部分配置Placement API

[placement]

# ...

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:35357/v3

username = placement

password = 123.com

完成安装

  1、确定计算节点是否支持虚拟机的硬件加速:

[root@compute1 ~]#egrep -c '(vmx|svm)' /proc/cpuinfo

     如果返回的值为1或者更大,说明你的计算节点支持硬件加速,通常不需要额外配置,如果返回的值为0,说明你的计算节点不支持硬件加速,你必须将libvirt配置为QEMU,来替代默认的KVM。编辑/etc/nova/nova.conf文件:

[root@compute1 ~]# vim /etc/nova/nova.conf

[libvirt]

# ...

virt_type = qemu

2、启动计算服务,包括它的依赖项,并配置它们在系统启动时自动启动:

   

[root@compute1 ~]#systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]#systemctl start libvirtd.service openstack-nova-compute.service

如果不能正常启动,一般是controller上的消息服务的5672端口被拒绝访问,配置防火墙允许即可。

添加计算节点到cell数据库

操作在controller节点上

1、提供admin管理凭证以便操作命令,然后确认数据库中有计算主机:

[root@controller ~]source  admin_keystone
[root@controller ~]openstack compute service list --service nova-compute


+----+--------------+----------+------+---------+-------+----------------------------+

| ID | Binary       | Host     | Zone | Status  | State | Updated At                 |

+----+--------------+----------+------+---------+-------+----------------------------+

|  6 | nova-compute | compute1 | nova | enabled | up    | 2017-09-19T10:21:16.000000 |

+----+--------------+----------+------+---------+-------+----------------------------+

 

2、发现计算主机

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Found 2 cell mappings.

Skipping cell0 since it does not contain hosts.

Getting compute nodes from cell 'cell1': 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a

Found 1 unmapped computes in cell: 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a

Checking host mapping for compute host 'compute1': f21b277b-0649-4c7c-be7d-f2241d1d6972

Creating host mapping for compute host 'compute1': f21b277b-0649-4c7c-be7d-f2241d1d6972

 

   当你添加新的计算节点,你必须要在控制节点上运行nova-manage cell_v2 discover_hosts”命令来注册这些新的计算节点。或者,你可以在配置文件中设置一个适当的时间间隔:/etc/nova/nova.conf,默认是不自动发现,单位是秒。

[root@controller ~]# vim /etc/nova/nova.conf

[scheduler]

discover_hosts_in_cells_interval = 300

检查操作

  检查计算服务的操作,在控制节点上执行以下命令:

1、执行admin命令行运行环境

[root@controller ~]# source admin_keystone

2、列出服务组件,以验证成功启动和注册的每个进程

[root@controller ~]# openstack compute service list

+----+------------------+------------+----------+---------+-------+----------------------------+

| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |

+----+------------------+------------+----------+---------+-------+----------------------------+

|  1 | nova-consoleauth | controller | internal | enabled | up    | 2017-09-19T10:25:32.000000 |

|  2 | nova-conductor   | controller | internal | enabled | up    | 2017-09-19T10:25:32.000000 |

|  3 | nova-scheduler   | controller | internal | enabled | up    | 2017-09-19T10:25:32.000000 |

|  6 | nova-compute     | compute1   | nova     | enabled | up    | 2017-09-19T10:25:36.000000 |

+----+------------------+------------+----------+---------+-------+----------------------------+

 

其输处中有3个服务组件是激活在控制节点,一个服务组件是激活在计算节点

3、列出身份服务中的API endpoints,以验证与身份服务的连通性,显示结果和安装的组件有关。

[root@controller ~]# openstack catalog list

+-----------+-----------+-----------------------------------------+

| Name      | Type      | Endpoints                               |

+-----------+-----------+-----------------------------------------+

| nova      | compute   | RegionOne                               |

|           |           |   public: http://controller:8774/v2.1   |

|           |           | RegionOne                               |

|           |           |   admin: http://controller:8774/v2.1    |

|           |           | RegionOne                               |

|           |           |   internal: http://controller:8774/v2.1 |

|           |           |                                         |

| glance    | p_w_picpath     | RegionOne                               |

|           |           |   admin: http://controller:9292         |

|           |           | RegionOne                               |

|           |           |   internal: http://controller:9292      |

|           |           | RegionOne                               |

|           |           |   public: http://controller:9292        |

|           |           |                                         |

| keystone  | identity  | RegionOne                               |

|           |           |   public: http://controller:5000/v3/    |

|           |           | RegionOne                               |

|           |           |   admin: http://controller:35357/v3/    |

|           |           | RegionOne                               |

|           |           |   internal: http://controller:5000/v3/  |

|           |           |                                         |

| placement | placement | RegionOne                               |

|           |           |   public: http://controller:8778        |

|           |           | RegionOne                               |

|           |           |   admin: http://controller:8778         |

|           |           | RegionOne                               |

|           |           |   internal: http://controller:8778      |

|           |           |                                         |

+-----------+-----------+-----------------------------------------+

 

4、列出镜像服务的列表,检查和镜像服务的连通性

[root@controller ~]# openstack p_w_picpath list

+--------------------------------------+--------+--------+

| ID                                   | Name   | Status |

+--------------------------------------+--------+--------+

| 0dbab038-9df1-4b57-9046-2da8a2e83b39 | cirros | active |

+--------------------------------------+--------+--------+

 

5、检查cellsplacement API是否成功工作

[root@controller ~]# nova-status upgrade check
[root@controller ~]# nova-status upgrade check

+---------------------------+

| Upgrade Check Results     |

+---------------------------+

| Check: Cells v2           |

| Result: Success           |

| Details: None             |

+---------------------------+

| Check: Placement API      |

| Result: Success           |

| Details: None             |

+---------------------------+

| Check: Resource Providers |

| Result: Success     (成功)      |

| Details: None             |

+---------------------------+