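Compute service overview
OpenStack Compute is used to host and manage cloud computing systems. OpenStack Compute is a major part of an Infrastructure-as-a-Service (IaaS) system. The main modules are implemented in Python.
OpenStack Compute interacts with OpenStack Identity for authentication, with the OpenStack Image service for disk and server images, and with the OpenStack Dashboard for the user and administrative interface. Image access is limited by project and by user, and quotas are limited per project (for example, the number of instances). OpenStack Compute can scale horizontally on standard hardware and downloads images to launch instances.
OpenStack Compute consists of the following areas and their components:
nova-api service: Accepts and responds to end-user compute API calls. The service supports the OpenStack Compute API, the Amazon EC2 API, and a special Admin API that lets privileged users perform administrative actions. It enforces some policies and initiates most orchestration activities, such as running an instance.
nova-api-metadata service: Accepts metadata requests from instances. It is generally used when you run in multi-host mode with nova-network installations.
nova-compute service: A worker daemon that creates and terminates virtual machine instances through hypervisor APIs. For example: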
XenAPI for XenServer/XCP
libvirt for KVM or QEMU
VMwareAPI for VMware
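Processing is fairly complex. Basically, the daemon accepts actions from the queue and performs a series of system commands, such as launching a KVM instance and updating its state in the database.
nova-placement-api service: Tracks the inventory and usage of each provider.
nova-scheduler service: Takes a virtual machine instance request from the queue and determines which compute server host it runs on.
nova-conductor module: A middle layer between nova-compute and the database, so that nova-compute does not interact with the database directly. Do not deploy it on nodes where the nova-compute service runs.
nova-consoleauth daemon: Authorizes tokens for users that the console proxies provide. This service must be running for the console proxy services to work.
nova-novncproxy daemon: Provides a proxy for accessing running instances through a VNC connection. Supports browser-based noVNC clients.
nova-spicehtml5proxy daemon: Provides a proxy for accessing running instances through a SPICE connection. Supports browser-based HTML5 clients.
nova-xvpvncproxy daemon: Provides a proxy for accessing running instances through a VNC connection. Supports an OpenStack-specific Java client.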
The queue
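A message queue service that passes messages between processes. It is usually RabbitMQ, but another AMQP message queue implementation, such as ZeroMQ, can also be used.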
SQL database
Stores the build-time and run-time state of the cloud infrastructure, including:
Available instance types
Instances in use
Available networks
Projects
Install the Compute service (nova) on the controller
Prerequisites:
Before you install nova, you must create the databases, service credentials, and API endpoints.
1. Log in to the database as root
[root@controller ~]# mysql -u root -p123.com
2. Create the nova_api, nova, and nova_cell0 databases
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)
3. Grant access to the newly created databases.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
4. Source the admin credentials to gain access to the admin command line
[root@controller ~]# source admin_keystone
5. Create the Compute service credentials
Create the nova user
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:123.com
Repeat User Password:123.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4ff900fa39444bd4b2d915256db6cc64 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the nova user to the admin role in the service project
[root@controller ~]# openstack role add --project service --user nova admin
This command produces no output.
Create the nova service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 63ffd9242b8d417ea6dc3539b277643f |
| name | nova |
| type | compute |
+-------------+----------------------------------+
6. Create the Compute service endpoints
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 321778d997f44024b6e237bb02cc0019 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63ffd9242b8d417ea6dc3539b277643f |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f3d795a403bb4f1f8ebb2e26908a16d9 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63ffd9242b8d417ea6dc3539b277643f |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e33f5c4173f547c3a9934c7ea772a27d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63ffd9242b8d417ea6dc3539b277643f |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
7. Create the Placement user
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:123.com
Repeat User Password:123.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a25410b4c41f4678ae66f0e292b744bf |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
8. Add the Placement user to the admin role
[root@controller ~]# openstack role add --project service --user placement admin
9. Create the Placement API service entry
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | e6a72cf6bb934d229886837287b80078 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
10. Create the Placement API service endpoints:
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1f12d0c0667844158364bb94fdd69414 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e6a72cf6bb934d229886837287b80078 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ee9470cd82dc440d8268c2b2629ac8ca |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e6a72cf6bb934d229886837287b80078 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 373a3cf57d1a4161a498a80d2405a585 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e6a72cf6bb934d229886837287b80078 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
Install and configure nova
1. Install the packages
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api
2. Edit the /etc/nova/nova.conf configuration file and complete the following settings
[root@controller ~]# vim /etc/nova/nova.conf
In the [DEFAULT] section, enable only the compute and metadata APIs:
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
In the [api_database] and [database] sections, configure the database connections
[api_database]
# ...
connection = mysql+pymysql://nova:123.com@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:123.com@controller/nova
In the [DEFAULT] section, configure access to the RabbitMQ message queue
[DEFAULT]
# ...
transport_url = rabbit://openstack:123.com@controller
In the [api] and [keystone_authtoken] sections, configure access to the Identity service
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123.com
In the [DEFAULT] section, configure the my_ip option, with the address pointing to the controller management IP address
[DEFAULT]
# ...
my_ip = 10.0.0.11
In the [DEFAULT] section, enable support for the Networking service
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, configure the VNC proxy to use the controller management interface IP address
[vnc]
enabled = true
# ...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
In the [glance] section, configure the Image service API
[glance]
# ...
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
In the [placement] section, configure the Placement API
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123.com
To work around a packaging bug, you must add the following configuration to the /etc/httpd/conf.d/00-nova-placement-api.conf file to enable access to the Placement API
[root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Restart the httpd service
[root@controller ~]# systemctl restart httpd.service
3. Initialize the nova_api database
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
4. Register the cell0 database
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
5. Create the cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a
6. Initialize the nova database
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
7. Verify that nova cell0 and cell1 are registered correctly
[root@controller ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 | 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
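Finalize the installation:
Start the Compute services and configure them to start at boot
[root@controller ~]# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
Install nova on the compute node
This section describes how to install and configure the Compute service on a compute node. The service supports several hypervisors for deploying instances or virtual machines (VMs). For simplicity, this configuration uses QEMU with the KVM extension on compute nodes whose hardware supports hardware acceleration for virtual machines. On legacy hardware, this configuration uses the generic QEMU hypervisor.
Install and configure:
1. Install the packages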
[root@compute1 ~]# yum -y install openstack-nova-compute
2. Edit /etc/nova/nova.conf and complete the following settings
[root@compute1 ~]# vim /etc/nova/nova.conf
In the [DEFAULT] section, enable only the compute and metadata APIs:
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
In the [DEFAULT] section, configure access to the RabbitMQ message queue
[DEFAULT]
# ...
transport_url = rabbit://openstack:123.com@controller
In the [api] and [keystone_authtoken] sections, configure access to the Identity service
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123.com
In the [DEFAULT] section, configure the my_ip option, with the address pointing to the controller management IP address
[DEFAULT]
# ...
my_ip = 10.0.0.31
In the [DEFAULT] section, enable support for the Networking service
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, enable and configure remote console access.
[vnc]
# ...
enabled = True
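# listen on all IP addresses
vncserver_listen = 0.0.0.0
# this node's own management IP address
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
The base URL indicates the location where you can use a web browser to access remote consoles of instances on this compute node. The hostname can be replaced with an IP address.
In the [glance] section, configure the Image service API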
[glance]
# ...
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
In the [placement] section, configure the Placement API
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123.com
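The nova.conf settings shown for the controller and compute nodes can be reviewed mechanically before the services are started. The following Python is an added example, not part of the original tutorial or of nova: it reports secrets shorter than a locally chosen minimum, one secret shared by several accounts, plaintext http:// endpoints, and a VNC listener bound to 0.0.0.0. MIN_SECRET_LEN and the finding labels are assumptions, and the sample input is constructed from the values used on this page.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: settings taken from the compute-node nova.conf on this page.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:123.com@controller
my_ip = 10.0.0.31
[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = 123.com
[vnc]
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
[placement]
auth_url = http://controller:35357/v3
username = placement
password = 123.com
"""

MIN_SECRET_LEN = 16  # assumption: local password policy, not a nova default


def audit_nova_conf(text):
    """Return a sorted list of (section, option, finding) for risky settings."""
    # strict=False merges repeated sections; [DEFAULT] is read as a normal section.
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    delimiters=("=",),
                                    default_section="__unused__")
    cfg.read_string(text)
    findings, seen = [], {}  # seen maps each secret to the accounts using it
    for section in cfg.sections():
        for option, value in cfg.items(section):
            url = urlsplit(value) if "://" in value else None
            secret = account = None
            if option == "password":
                secret = value
                account = cfg.get(section, "username", fallback=section)
            elif url and url.password:
                secret, account = url.password, url.username
            if secret is not None:
                seen.setdefault(secret, set()).add(account)
                if len(secret) < MIN_SECRET_LEN:
                    findings.append((section, option, "short secret"))
            if url and url.scheme == "http":
                findings.append((section, option, "plaintext http endpoint"))
            if option == "vncserver_listen" and value == "0.0.0.0":
                findings.append((section, option, "listens on all interfaces"))
    for accounts in seen.values():
        if len(accounts) > 1:
            shared = ", ".join(sorted(accounts))
            findings.append(("*", "*", "one secret shared by: " + shared))
    return sorted(findings)


if __name__ == "__main__":
    for section, option, finding in audit_nova_conf(SAMPLE_NOVA_CONF):
        print(f"[{section}] {option}: {finding}")
```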
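Finalize the installation
1. Determine whether the compute node supports hardware acceleration for virtual machines:
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
If the command returns a value of 1 or greater, your compute node supports hardware acceleration, which typically requires no additional configuration. If it returns 0, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of the default KVM. Edit the /etc/nova/nova.conf file: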
[root@compute1 ~]# vim /etc/nova/nova.conf
[libvirt]
# ...
virt_type = qemu
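2. Start the Compute service, including its dependencies, and configure them to start automatically when the system boots:
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
If the service fails to start, the usual cause is that access to port 5672 of the message service on the controller is refused; configure the firewall to allow it.
Add the compute node to the cell database
Perform these steps on the controller node
1. Source the admin credentials so that you can run the commands, then confirm that the compute host is in the database:
[root@controller ~]# source admin_keystone
[root@controller ~]# openstack compute service list --service nova-compute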
+----+--------------+----------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+----------+------+---------+-------+----------------------------+
| 6 | nova-compute | compute1 | nova | enabled | up | 2017-09-19T10:21:16.000000 |
+----+--------------+----------+------+---------+-------+----------------------------+
2. Discover the compute hosts
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a
Found 1 unmapped computes in cell: 4c6d94e7-3576-42e5-9c01-b2f5f4b11f7a
Checking host mapping for compute host 'compute1': f21b277b-0649-4c7c-be7d-f2241d1d6972
Creating host mapping for compute host 'compute1': f21b277b-0649-4c7c-be7d-f2241d1d6972
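When you add new compute nodes, you must run the "nova-manage cell_v2 discover_hosts" command on the controller node to register them. Alternatively, you can set an appropriate interval in the configuration file /etc/nova/nova.conf; by default hosts are not discovered automatically, and the unit is seconds.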
[root@controller ~]# vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
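discover_hosts creates a host mapping for every unmapped compute host it finds in the cell, so it helps to compare the service list from step 1 against the expected inventory before mapping, especially when discovery runs on an interval. The following Python is an added example, not from the original tutorial: it parses the table printed by openstack compute service list and reports services that are unhealthy, missing, or running on a host outside the inventory. The EXPECTED set and the sample rows, including the compute9 host, are constructed.

```python
# Constructed sample in the layout of `openstack compute service list`
# (Updated At column omitted for width). nova-scheduler is shown down,
# nova-conductor is absent and compute9 is an invented host.
SAMPLE_OUTPUT = """\
+----+------------------+------------+----------+---------+-------+
| ID | Binary           | Host       | Zone     | Status  | State |
+----+------------------+------------+----------+---------+-------+
|  1 | nova-consoleauth | controller | internal | enabled | up    |
|  3 | nova-scheduler   | controller | internal | enabled | down  |
|  6 | nova-compute     | compute1   | nova     | enabled | up    |
|  7 | nova-compute     | compute9   | nova     | enabled | up    |
+----+------------------+------------+----------+---------+-------+
"""

# Assumption: the two-node layout built on this page.
EXPECTED = {
    ("nova-consoleauth", "controller"),
    ("nova-conductor", "controller"),
    ("nova-scheduler", "controller"),
    ("nova-compute", "compute1"),
}


def parse_table(text):
    """Turn the ASCII table into a list of dicts keyed by column header."""
    rows = [[cell.strip() for cell in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.strip().startswith("|")]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def check_services(text, expected):
    """Return (kind, binary, host) tuples for every deviation from expected."""
    problems, seen = [], set()
    for row in parse_table(text):
        key = (row["Binary"], row["Host"])
        seen.add(key)
        if key not in expected:
            problems.append(("unexpected",) + key)
        elif row["Status"] != "enabled" or row["State"] != "up":
            problems.append(("unhealthy",) + key)
    problems += [("missing",) + key for key in sorted(expected - seen)]
    return problems


if __name__ == "__main__":
    for kind, binary, host in check_services(SAMPLE_OUTPUT, EXPECTED):
        print(f"{kind}: {binary} on {host}")
```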
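Verify operation
To verify operation of the Compute service, run the following commands on the controller node:
1. Source the admin command-line environment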
[root@controller ~]# source admin_keystone
2. List the service components to verify that each process started and registered successfully
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2017-09-19T10:25:32.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2017-09-19T10:25:32.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2017-09-19T10:25:32.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2017-09-19T10:25:36.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
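The output shows three service components enabled on the controller node and one service component enabled on the compute node.
3. List the API endpoints in the Identity service to verify connectivity with the Identity service. The output depends on which components are installed.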
[root@controller ~]# openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| nova | compute | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | |
| glance | image | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | |
| keystone | identity | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:35357/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | |
| placement | placement | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
4. List the images in the Image service to verify connectivity with the Image service
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 0dbab038-9df1-4b57-9046-2da8a2e83b39 | cirros | active |
+--------------------------------------+--------+--------+
5. Check that the cells and the Placement API are working successfully
[root@controller ~]# nova-status upgrade check
+---------------------------+
| Upgrade Check Results |
+---------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+---------------------------+