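Contents
1. Overview
2. Architecture
3. Installation and configuration (controller node)

I. Overview
Use OpenStack Compute to host and manage cloud computing systems. OpenStack Compute is a major part of an Infrastructure-as-a-Service (IaaS) system. Its modules are implemented mainly in Python.
OpenStack Compute calls the OpenStack Identity service for authentication;
calls the OpenStack Image service for disk images;
and provides the user and administrator interface for the OpenStack dashboard. Access to disk images is restricted by project and by user;
quotas are set per project (for example, how many instances each project may create). OpenStack Compute can scale out horizontally on standard hardware, and it downloads disk images to launch virtual machine instances.

II. Architecture

III. Installation and configuration

1. Create the databases and grant privileges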
1) Create the databases:

    MariaDB [(none)]> CREATE DATABASE nova;
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> CREATE DATABASE nova_cell0;
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> CREATE DATABASE nova_api;
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> CREATE DATABASE placement;
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> SHOW DATABASES;
    +--------------------+
    | Database           |
    +--------------------+
    | glance             |
    | information_schema |
    | keystone           |
    | mysql              |
    | nova               |
    | nova_api           |
    | nova_cell0         |
    | performance_schema |
    | placement          |
    +--------------------+
    9 rows in set (0.00 sec)

2) Grant privileges:

    MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on nova_cell0.* to 'nova'@'%' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on nova_cell0.* to 'nova'@'localhost' identified by 'nova';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on placement.* to 'placement'@'localhost' identified by 'placement';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> grant all on placement.* to 'placement'@'%' identified by 'placement';
    Query OK, 0 rows affected (0.00 sec)

3) Check the databases as the nova user:

    [root@controller ~]# mysql -unova -pnova -e "show databases;"
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | nova               |
    | nova_api           |
    | nova_cell0         |
    +--------------------+

2. Create the nova user and assign a role
1) Create the user:

    [root@controller ~]# . admin-openrc
    [root@controller ~]# openstack user create --domain default --password-prompt nova
    User Password:nova
    Repeat User Password:nova
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | cec4534f7ef84ab788be4e8fcaeef156 |
    | name                | nova                             |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+

2) Add the role:

    [root@controller ~]# openstack role add --project service --user nova admin

3. Create the service and register the API endpoints in keystone (service catalog)
The nova API listens on port 8774.

1) Create the nova service (there must not be more than one):

    [root@controller ~]# openstack service    # shows the help
    [root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Compute                |
    | enabled     | True                             |
    | id          | 654777c6bd1547bb839df4d2459eaf26 |
    | name        | nova                             |
    | type        | compute                          |
    +-------------+----------------------------------+

2) Register the API endpoints:

    [root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
    +--------------+-------------------------------------------+
    | Field        | Value                                     |
    +--------------+-------------------------------------------+
    | enabled      | True                                      |
    | id           | 3c1caa473bfe4390a11e7177894bcc7b          |
    | interface    | public                                    |
    | region       | RegionOne                                 |
    | region_id    | RegionOne                                 |
    | service_id   | 060d59eac51b4594815603d75a00aba2          |
    | service_name | nova                                      |
    | service_type | compute                                   |
    | url          | http://controller:8774/v2.1               |
    +--------------+-------------------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
    +--------------+-------------------------------------------+
    | Field        | Value                                     |
    +--------------+-------------------------------------------+
    | enabled      | True                                      |
    | id           | e3c918de680746a586eac1f2d9bc10ab          |
    | interface    | internal                                  |
    | region       | RegionOne                                 |
    | region_id    | RegionOne                                 |
    | service_id   | 060d59eac51b4594815603d75a00aba2          |
    | service_name | nova                                      |
    | service_type | compute                                   |
    | url          | http://controller:8774/v2.1               |
    +--------------+-------------------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
    +--------------+-------------------------------------------+
    | Field        | Value                                     |
    +--------------+-------------------------------------------+
    | enabled      | True                                      |
    | id           | 38f7af91666a47cfb97b4dc790b94424          |
    | interface    | admin                                     |
    | region       | RegionOne                                 |
    | region_id    | RegionOne                                 |
    | service_id   | 060d59eac51b4594815603d75a00aba2          |
    | service_name | nova                                      |
    | service_type | compute                                   |
    | url          | http://controller:8774/v2.1               |
    +--------------+-------------------------------------------+

4. Create the placement resources

4.1 Create the placement user
1) Create the placement user:

    [root@controller ~]# openstack user create --domain default --password-prompt placement
    User Password: placement
    Repeat User Password:placement
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 842853f62c8d47b8bf7c0019f4de349d |
    | name                | placement                        |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+

2) Add the role:

    [root@controller ~]# openstack role add --project service --user placement admin

3) Create the Placement API service:

    [root@controller ~]# openstack service create --name placement --description "Placement API" placement
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Placement API                    |
    | enabled     | True                             |
    | id          | a62cb64d8e3f44f5b4665c18f87dae88 |
    | name        | placement                        |
    | type        | placement                        |
    +-------------+----------------------------------+

4.2 Create the API endpoints
    [root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 2b1b2637908b4137a9c2e0470487cbc0 |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 2d1a27022e6e4185b86adac4444c495f |
    | service_name | placement                        |
    | service_type | placement                        |
    | url          | http://controller:8778           |
    +--------------+----------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 02bcda9a150a4bd7993ff4879df971ab |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 2d1a27022e6e4185b86adac4444c495f |
    | service_name | placement                        |
    | service_type | placement                        |
    | url          | http://controller:8778           |
    +--------------+----------------------------------+
    [root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 3d71177b9e0f406f98cbff198d74b182 |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 2d1a27022e6e4185b86adac4444c495f |
    | service_name | placement                        |
    | service_type | placement                        |
    | url          | http://controller:8778           |
    +--------------+----------------------------------+

To check what has been created:

    [root@controller ~]# openstack user list
    +----------------------------------+-----------+
    | ID                               | Name      |
    +----------------------------------+-----------+
    | 31be40e20245472da1e5a6da135777f6 | glance    |
    | 842853f62c8d47b8bf7c0019f4de349d | placement |
    | cec4534f7ef84ab788be4e8fcaeef156 | nova      |
    | e1011877fc5d4275b7e4394463883ee0 | myuser    |
    | ef761eff8f434c558b42ed37406dd217 | admin     |
    +----------------------------------+-----------+
    [root@controller ~]# openstack service list
    +----------------------------------+-----------+-----------+
    | ID                               | Name      | Type      |
    +----------------------------------+-----------+-----------+
    | 654777c6bd1547bb839df4d2459eaf26 | nova      | compute   |
    | a62cb64d8e3f44f5b4665c18f87dae88 | placement | placement |
    | b9548ac6836c423e98ad347ce2fe22bf | keystone  | identity  |
    | c287094b556c44b5b72438eccebd9726 | glance    | image     |
    +----------------------------------+-----------+-----------+
    [root@controller ~]# openstack endpoint list
    +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------+
    | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                              |
    +----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------+
    ........

5. Install nova
5.1 Install the packages:

    [root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api

5.2 Edit the configuration file
    vim /etc/nova/nova.conf

1) Enable the two APIs:

    [DEFAULT]
    # ...
    enabled_apis = osapi_compute,metadata

2) API database connection:

    [api_database]
    # ...
    connection = mysql+pymysql://nova:nova@controller/nova_api

3) Nova database connection:

    [database]
    # ...
    connection = mysql+pymysql://nova:nova@controller/nova

4) Placement database connection:

    [placement_database]
    # ...
    connection = mysql+pymysql://placement:placement@controller/placement

5) Message queue (line 3130 of the file):

    [DEFAULT]
    # ...
    transport_url = rabbit://openstack:openstack@controller

6) Authentication strategy:

    [api]
    # ...
    auth_strategy = keystone

7) Keystone credentials:

    [keystone_authtoken]
    # ...
    auth_url = http://controller:5000/v3
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = nova
    password = nova

8) Do not configure this one yet:

    [DEFAULT]
    # ...
    my_ip = 192.168.223.157

9) Enable neutron and switch off the Compute firewall driver:

    [DEFAULT]
    # ...
    # enable the neutron service
    use_neutron = true
    # disable the Compute firewall driver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    # By default, Compute uses its own firewall service. Because the Networking
    # service package includes a firewall service, you must set the
    # nova.virt.firewall.NoopFirewallDriver driver to disable the firewall
    # service built into Compute. The driver is a Python class.

10) VNC:

    [vnc]
    enabled = true
    # ...
    server_listen = $my_ip
    server_proxyclient_address = $my_ip

11) Image download address:

    [glance]
    # ...
    api_servers = http://controller:9292

12) Lock path:

    [oslo_concurrency]
    # ...
    # prevents scripts from being executed more than once at the same time
    lock_path = /var/lib/nova/tmp

13) Placement credentials:

    [placement]
    # ...
    region_name = RegionOne
    project_domain_name = Default
    project_name = service
    auth_type = password
    user_domain_name = Default
    auth_url = http://controller:5000/v3
    username = placement
    password = placement

When adding new compute nodes, add the following (directly in the nova configuration file):
When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register those new compute nodes. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:

14) Host discovery interval:

    [scheduler]
    discover_hosts_in_cells_interval = 300

The edited file:

    [root@controller ~]# cat /etc/nova/nova.conf
    [DEFAULT]
    enabled_apis=osapi_compute,metadata
    transport_url = rabbit://openstack:openstack@controller
    my_ip = 192.168.223.170
    use_neutron = true
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    [api]
    auth_strategy = keystone
    [api_database]
    connection = mysql+pymysql://nova:nova@controller/nova_api
    [barbican]
    [cache]
    [cells]
    [cinder]
    [compute]
    [conductor]
    [console]
    [consoleauth]
    [cors]
    [database]
    connection = mysql+pymysql://nova:nova@controller/nova
    [devices]
    [ephemeral_storage_encryption]
    [filter_scheduler]
    [glance]
    api_servers = http://controller:9292
    [guestfs]
    [healthcheck]
    [hyperv]
    [ironic]
    [key_manager]
    [keystone]
    [keystone_authtoken]
    auth_url = http://controller:5000/v3
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = nova
    password = nova
    [libvirt]
    [matchmaker_redis]
    [metrics]
    [mks]
    [neutron]
    [notifications]
    [osapi_v21]
    [oslo_concurrency]
    lock_path = /var/lib/nova/tmp
    [oslo_messaging_amqp]
    [oslo_messaging_kafka]
    [oslo_messaging_notifications]
    [oslo_messaging_rabbit]
    [oslo_messaging_zmq]
    [oslo_middleware]
    [oslo_policy]
    [pci]
    [placement]
    region_name = RegionOne
    project_domain_name = Default
    project_name = service
    auth_type = password
    user_domain_name = Default
    auth_url = http://controller:5000/v3
    username = placement
    password = placement
    [placement_database]
    connection = mysql+pymysql://placement:placement@controller/placement
    [powervm]
    [profiler]
    [quota]
    [rdp]
    [remote_debug]
    [scheduler]
    [serial_console]
    [service_user]
    [spice]
    [upgrade_levels]
    [vault]
    [vendordata_dynamic_auth]
    [vmware]
    [vnc]
    enabled = true
    # ...
    server_listen = $my_ip
    server_proxyclient_address = $my_ip
    [workarounds]
    [wsgi]
    [xenserver]
    [xvp]
    [zvm]

Note on firewall_driver = nova.virt.firewall.NoopFirewallDriver: the driver named in step 9 is a Python class, and it can be read in firewall.py:

    #[root@controller ~]# cd /lib/python2.7/site-packages/nova/virt/
    #[root@controller virt]# vim firewall.py

5.3 Edit the httpd configuration file
    [root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
    <VirtualHost *:8778>
      WSGIProcessGroup nova-placement-api
      WSGIApplicationGroup %{GLOBAL}
      WSGIPassAuthorization On
      WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
      WSGIScriptAlias / /usr/bin/nova-placement-api
      <IfVersion >= 2.4>
        ErrorLogFormat "%M"
      </IfVersion>
      ErrorLog /var/log/nova/nova-placement-api.log
      #SSLEngine On
      #SSLCertificateFile ...
      #SSLCertificateKeyFile ...
    </VirtualHost>
    <Directory /usr/bin>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

5.5 Start the services and check their status:
1) Start the services:

    [root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
    [root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

2) Check that the services are running.

Verify with nova service-list. Three services are listed. nova-api is the service that answers this query, so a successful query shows that nova-api is running; if it is stopped, the query fails.

    [root@controller ~]# nova service-list
    +--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
    | Id                                   | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason | Forced down |
    +--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
    | aab81bd2-6b01-4825-83e2-e0a2571df5f0 | nova-consoleauth | controller | internal | enabled | up    | 2020-02-22T09:17:02.000000 | -               | False       |
    | 0056aea6-b275-4284-8db2-b98015867876 | nova-scheduler   | controller | internal | enabled | up    | 2020-02-22T09:16:52.000000 | -               | False       |
    | ccd742e2-e33c-4501-a37d-01aa5084aed6 | nova-conductor   | controller | internal | enabled | up    | 2020-02-22T09:16:57.000000 | -               | False       |
    +--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+

Use the following to verify that openstack-nova-novncproxy is running:

    [root@controller ~]# netstat -tunlp|grep 6080
    tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      8981/python2
    [root@controller ~]# ps -ef |grep 8981
    nova      8981     1  0 10:25 ?        00:00:21 /usr/bin/python2 /usr/bin/nova-novncproxy --web /usr/share/novnc/
    root     24789 13874  0 17:19 pts/1    00:00:00 grep --color=auto 8981

VNC web interface: http://192.168.223.170:6080/

6. Log file location
    [root@controller ~]# ll /var/log/nova/
    总用量 124
    -rw-r--r-- 1 nova nova   3786 12月 15 22:05 nova-api.log
    -rw-r--r-- 1 nova nova   1432 12月 15 22:05 nova-conductor.log
    -rw-r--r-- 1 nova nova   1652 12月 15 22:05 nova-consoleauth.log
    -rw-r--r-- 1 nova nova 106423 12月 15 22:03 nova-manage.log
    -rw-r--r-- 1 nova nova    638 12月 15 22:05 nova-novncproxy.log
    -rw-r--r-- 1 root root      0 12月 15 21:55 nova-placement-api.log
    -rw-r--r-- 1 nova nova   2230 12月 15 22:05 nova-scheduler.log

VI. OpenStack services: Nova (controller node)
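The nova.conf built in step 5.2 embeds credentials in its connection and transport_url URLs, reuses each account name as its password, and points auth_url and api_servers at http:// endpoints. The check below is an added example, not part of the original post or of nova; the `audit` function and the sample text are constructed here from the values on this page.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: values this page puts in /etc/nova/nova.conf.
SAMPLE = """\
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[keystone_authtoken]
auth_url = http://controller:5000/v3
username = nova
password = nova
[glance]
api_servers = http://controller:9292
[vnc]
enabled = true
server_listen = $my_ip
"""

URL_KEYS = {"connection", "transport_url"}    # credentials embedded in a URL
CLEARTEXT_KEYS = {"auth_url", "api_servers"}  # service endpoints


def audit(text):
    """Return sorted (section, option, finding) tuples for an oslo-style INI."""
    # interpolation=None keeps $my_ip and % literal; renaming the default
    # section makes [DEFAULT] an ordinary section instead of inherited values.
    cp = configparser.ConfigParser(interpolation=None, default_section="__none__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        for key, value in opts.items():
            if key not in URL_KEYS | CLEARTEXT_KEYS:
                continue
            url = urlsplit(value)
            if key in URL_KEYS and url.password and url.password == url.username:
                findings.append((section, key, "password equals username"))
            if key in CLEARTEXT_KEYS and url.scheme == "http":
                findings.append((section, key, "cleartext http endpoint"))
        if opts.get("password") and opts.get("password") == opts.get("username"):
            findings.append((section, "password", "password equals username"))
    return sorted(findings)


if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE):
        print(f"[{section}] {key}: {finding}")
```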
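The GRANT statements in step 1 open each account to any host ('%') and set the password to the account name. This added example (not from the original post) parses such statements, reports both conditions and emits narrowed statements; `review_grants`, its `allowed_host` parameter and the `<generated-secret>` placeholder are assumptions made for illustration.

```python
import re

# Constructed input: four of the GRANT statements from step 1 of this page.
GRANTS = """\
grant all on nova.* to 'nova'@'localhost' identified by 'nova';
grant all on nova.* to 'nova'@'%' identified by 'nova';
grant all on placement.* to 'placement'@'localhost' identified by 'placement';
grant all on placement.* to 'placement'@'%' identified by 'placement';
"""

GRANT_RE = re.compile(
    r"grant\s+(?P<privs>[\w ,]+?)\s+on\s+(?P<db>\w+)\.\*\s+to\s+"
    r"'(?P<user>[^']+)'@'(?P<host>[^']+)'\s+identified\s+by\s+'(?P<pw>[^']*)'\s*;",
    re.IGNORECASE)


def review_grants(sql, allowed_host):
    """Return (findings, rewritten): issues found and narrowed GRANT statements.

    allowed_host is supplied by the operator (an assumption of this example),
    for instance the management subnet the OpenStack services connect from.
    """
    findings, rewritten = [], []
    for m in GRANT_RE.finditer(sql):
        user, host, db = m["user"], m["host"], m["db"]
        if host == "%":
            findings.append(f"{user}@% on {db}: reachable from any host")
            host = allowed_host
        if m["pw"] == user:
            findings.append(f"{user}@{m['host']} on {db}: password equals account name")
        # The secret is a placeholder; generate one per account out of band.
        stmt = (f"GRANT {m['privs'].upper()} ON {db}.* TO '{user}'@'{host}' "
                f"IDENTIFIED BY '<generated-secret>';")
        if stmt not in rewritten:
            rewritten.append(stmt)
    return findings, rewritten


if __name__ == "__main__":
    found, fixed = review_grants(GRANTS, "192.168.223.%")
    print("\n".join(found + fixed))
```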