Nova的概述
Nova是Openstack云中的计算组织控制器。支持Openstack云中实例(Instances)生命周期的所有活动都由Nova处理。这样使得Nova成为一个负责管理计算资源、网络、认证、所需可扩展性的平台。但是Nova自身并没有提供任何虚拟化能力,相反它使用Libvirt API来与被支持的Hypervisors交互。Nova通过一个与Amazon Web Services(AWS)EC2 API兼容的Web Services API来对外提供服务。
Nova的组件
- Nova-API
Nova-API是整个Nova组件的门户,所有对Nova的请求都首先由Nova-API来处理,接收到外部的请求后通过Message Queue将请求发送给其它的服务组件。
- Nova-Scheduler
Nova-Scheduler负责决策虚拟机创建在那台主机(计算节点)上。
- Nova-Compute
Nova-Compute处理管理实例生命周期,通过Message Queue接收实例生命周期管理的请求,并承担操作工作。
- Nova-Conductor
Nova-Compute需要获取和更新数据库中Instance的信息,但是Nova-Compute并不会直接访问数据库,而是通过Nova-Conductor实现数据的访问。这样做有两个显著好处,其一更高的系统安全性,其二更好的系统伸缩性。
在Openstack的早期版本中,Nova-Compute可以直接访问数据库,但这样存在非常大的安全隐患。因为Nova-Compute这个服务是部署在计算节点上的,为了能够访问控制节点上的数据库,就必须在计算节点的/etc/nova/nova.conf中配置访问数据库的连接信息,试想任意一个计算节点被黑客入侵,都会导致部署在控制节点上的数据库面临极大风险。这样就避免了Nova-Compute直接访问数据库,增加了系统的安全性。
Nova-Conductor将Nova-Compute与数据库解耦之后还带来另一个好处就是提高了Nova的伸缩性。Nova-Compute与Conductor是通过消息中间件交互的,这种松散的架构允许配置多个Nova-Conductor实例,在一个大规模的Openstack部署环境里,管理员可以通过增加Nova-Conductor的数量来应对日益增长的计算节点对数据库的访问。
Nova的工作流程
Nova实例化流程
- 首先用户执行Nova Client提供的用于创建虚拟机的指令。
- Nova-API监听到来自于Nova Client的HTTP请求,并将这些请求转换为AMQP消息之后加入消息队列Queue。
- 通过消息队列Queue调用Nova-Conductor。
- Nova-Conductor从Queue接收到虚拟机实例化请求消息后,进行一些准备工作,例如:汇总HTTP请求中所需要实例化的虚拟机参数。
- Nova-Conductor通过Queue告诉Nova-Scheduler去选择一个合适的Compute Node来创建虚拟机,此时Nova-Scheduler会读取数据库的内容。
- Nova-Conductor从Nova-Scheduler得到了合适的Compute Node的信息后,再通过Queue来通知Nova-Compute实现虚拟机的创建。
- 从虚拟机实例化的过程可以看出,Nova中最重要的4个服务之间的通信都是通过Queue来实现的,这符合松耦合的实现方式。
安装配置控制节点
Nova的安装
- 创建数据库服务的凭据以及API Endpoints
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> grant all on nova.* to ‘nova‘@‘localhost‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova.* to ‘nova‘@‘%‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to ‘nova‘@‘localhost‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to ‘nova‘@‘%‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye- 获得admin凭证来获取只有管理员能执行的命令的访问权限
[[email protected] ~]# source admin-openrc- 要创建服务证书,完成这些步骤
创建nova用户
[[email protected] ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 99f1a510951741419024f5d19227046c |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+给nova用户添加admin角色
[[email protected] ~]# openstack role add --project service --user nova admin创建Nova服务实体
[[email protected] ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| name | nova |
| type | compute |
+-------------+----------------------------------+创建Compute服务API端点
[[email protected] ~]# openstack endpoint create --region RegionOne compute public http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | e1609436807842caae0caf293ae61882 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne compute internal http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 2f5db2a54b5b49b7aa8aa517e693778a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne compute admin http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 7b6d8e440ac14266b42508c9f6ca892b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+安装Nova相关软件包
[[email protected] ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
[[email protected] ~]# rpm -qa openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
openstack-nova-conductor-14.0.10-1.el7.noarch
openstack-nova-novncproxy-14.0.10-1.el7.noarch
openstack-nova-api-14.0.10-1.el7.noarch
openstack-nova-scheduler-14.0.10-1.el7.noarch
openstack-nova-console-14.0.10-1.el7.noarchNova的配置
- 编辑/etc/nova/nova.conf文件并完成下面的操作
[[email protected] ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
[[email protected] ~]# vim /etc/nova/nova.conf在[DEFAULT]部分,只启用计算和元数据API
[DEFAULT]
......
3052 enabled_apis = osapi_compute,metadata在[api_database]和[database]部分,配置数据库的连接
[api_database]
......
3661 connection = mysql+pymysql://nova:[email protected]/nova_api
[database]
......
4678 connection = mysql+pymysql://nova:[email protected]/nova在[DEFAULT]部分,配置RabbitMQ消息队列访问权限
[DEFAULT]
......
3602 transport_url = rabbit://openstack:[email protected]在[DEFAULT]和[keystone_authtoken]部分,配置认证服务访问
[DEFAULT]
......
14 auth_strategy = keystone
[keystone_authtoken]
......
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova在 [DEFAULT]部分,启用网络服务支持
[DEFAULT]
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver在[vnc]部分,配置VNC代理使用控制节点的管理接口IP地址
[VNC]
......
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.11在[glance]区域,配置镜像服务API的位置
[glance]
......
4815 api_servers = http://192.168.56.11:9292在[oslo_concurrency]部分,配置锁路径
[oslo_concurrency]
......
6707 lock_path = /var/lib/nova/tmp- 同步Compute数据库,可以忽略警告信息
[[email protected] ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[[email protected] ~]# su -s /bin/sh -c "nova-manage db sync" nova
[[email protected] ~]# mysql -unova -pnova -e "use nova;show tables;"
[[email protected] ~]# mysql -unova -pnova -e "use nova_api;show tables;"- 启动Compute服务,并将其设置为随系统启动
[[email protected] ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[[email protected] ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[[email protected] ~]# systemctl status openstack-nova-api.service
[[email protected] ~]# systemctl status openstack-nova-consoleauth.service
[[email protected] ~]# systemctl status openstack-nova-scheduler.service
[[email protected] ~]# systemctl status openstack-nova-conductor.service
[[email protected] ~]# systemctl status openstack-nova-novncproxy.serviceNova验证操作
[[email protected] ~]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | consoleauth | internal |
| linux-node1 | scheduler | internal |
+-------------+-------------+----------+
[[email protected] ~]# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-16T07:09:13.000000 |
| 2 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-16T07:09:12.000000 |
| 3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-16T07:09:17.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+安装配置计算节点
Nova-Compute的安装
- 添加Openstack仓库,安装Newton版
[[email protected] ~]# yum -y install centos-release-openstack-newton
[[email protected] ~]# rpm -qa centos-release-openstack-newton
centos-release-openstack-newton-1-2.el7.noarch- 安装Openstack客户端
[[email protected] ~]# yum -y install python-openstackclient openstack-selinux
[[email protected] ~]# rpm -qa python-openstackclient openstack-selinux
python-openstackclient-3.2.1-1.el7.noarch
openstack-selinux-0.8.11-1.el7.noarch- 安装Nova-Compute相关软件包
[[email protected] ~]# yum -y install openstack-nova-compute
[[email protected] ~]# rpm -qa openstack-nova-compute
openstack-nova-compute-14.0.10-1.el7.noarchNova-Compute的配置
- 编辑/etc/nova/nova.conf文件并完成下面的操作
[[email protected] ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
[[email protected] ~]# vim /etc/nova/nova.conf在[DEFAULT]部分,只启用计算和元数据API
[DEFAULT]
......
3052 enabled_apis = osapi_compute,metadata在[DEFAULT]部分,配置RabbitMQ消息队列访问权限
[DEFAULT]
......
3601 transport_url = rabbit://openstack:[email protected]在[DEFAULT]和[keystone_authtoken]部分,配置认证服务访问
[DEFAULT]
......
14 auth_strategy = keystone
[keystone_authtoken]
......
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova在[DEFAULT]部分,启用网络服务支持
[DEFAULT]
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver在[vnc]部分,启用并配置远程控制台访问
[vnc]
......
8303 enabled = true
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.12
8357 novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html在[glance]区域,配置镜像服务API的位置
[glance]
......
4815 api_servers = http://192.168.56.11:9292在[oslo_concurrency]部分,配置锁路径
[oslo_concurrency]
......
6707 lock_path = /var/lib/nova/tmpNava-Compute验证操作
- 确定您的计算节点是否支持虚拟机的硬件加速
[[email protected] ~]# egrep -c ‘(vmx|svm)‘ /proc/cpuinfo
1如果这个命令返回了one or greater的值,那么你的计算节点支持硬件加速且不需要额外的配置。
如果这个命令返回了zero值,那么你的计算节点不支持硬件加速。你必须配置libvirt来使用QEMU去代替KVM。
- 启动计算服务及其依赖,并将其配置为随系统自动启动
[[email protected] ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[[email protected] ~]# systemctl start libvirtd.service openstack-nova-compute.service
[[email protected] ~]# systemctl status libvirtd.service
[[email protected] ~]# systemctl status openstack-nova-compute.service- 获得admin凭证来获取只有管理员能执行的命令的访问权限
[[email protected] ~]# source admin-openrc- 列出服务组件,以验证是否成功启动并注册了每个进程
[[email protected] ~]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | consoleauth | internal |
| linux-node1 | scheduler | internal |
| linux-node2 | compute | nova |
+-------------+-------------+----------+
[[email protected] ~]# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-16T07:04:43.000000 |
| 2 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-16T07:04:42.000000 |
| 3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-16T07:04:47.000000 |
| 6 | nova-compute | linux-node2 | nova | enabled | up | 2018-01-16T07:04:46.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+原文地址:http://blog.51cto.com/11097612/2062560
时间: 2024-10-08 07:14:18