博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
Openstack之路(四)计算服务Nova
阅读量:5859 次
发布时间:2019-06-19

本文共 14025 字,大约阅读时间需要 46 分钟。

Nova的概述

Nova是Openstack云中的计算组织控制器。支持Openstack云中实例(Instances)生命周期的所有活动都由Nova处理。这样使得Nova成为一个负责管理计算资源、网络、认证、所需可扩展性的平台。但是Nova自身并没有提供任何虚拟化能力,相反它使用Libvirt API来与被支持的Hypervisors交互。Nova通过一个与Amazon Web Services(AWS)EC2 API兼容的Web Services API来对外提供服务。

Nova的组件

  • Nova-API

Nova-API是整个Nova组件的门户,所有对Nova的请求都首先由Nova-API来处理,接收到外部的请求后通过Message Queue将请求发送给其它的服务组件。

  • Nova-Scheduler

Nova-Scheduler负责决策虚拟机创建在那台主机(计算节点)上。

  • Nova-Compute

Nova-Compute处理管理实例生命周期,通过Message Queue接收实例生命周期管理的请求,并承担操作工作。

  • Nova-Conductor

Nova-Compute需要获取和更新数据库中Instance的信息,但是Nova-Compute并不会直接访问数据库,而是通过Nova-Conductor实现数据的访问。这样做有两个显著好处,其一更高的系统安全性,其二更好的系统伸缩性。

在Openstack的早期版本中,Nova-Compute可以直接访问数据库,但这样存在非常大的安全隐患。因为Nova-Compute这个服务是部署在计算节点上的,为了能够访问控制节点上的数据库,就必须在计算节点的/etc/nova/nova.conf中配置访问数据库的连接信息,试想任意一个计算节点被******,都会导致部署在控制节点上的数据库面临极大风险。这样就避免了Nova-Compute直接访问数据库,增加了系统的安全性。

Nova-Conductor将Nova-Compute与数据库解耦之后还带来另一个好处就是提高了Nova的伸缩性。Nova-Compute与Conductor是通过消息中间件交互的,这种松散的架构允许配置多个Nova-Conductor实例,在一个大规模的Openstack部署环境里,管理员可以通过增加Nova-Conductor的数量来应对日益增长的计算节点对数据库的访问。

Nova的工作流程

Openstack之路(四)计算服务Nova

安装配置控制节点

Nova的安装

  • 创建数据库服务的凭据以及API Endpoints
MariaDB [(none)]> create database nova;Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> create database nova_api;Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> show databases;+--------------------+| Database           |+--------------------+| glance             || information_schema || keystone           || mysql              || nova               || nova_api           || performance_schema |+--------------------+7 rows in set (0.00 sec)MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exitBye
  • 获得admin凭证来获取只有管理员能执行的命令的访问权限
[root@linux-node1 ~]# source admin-openrc
  • 要创建服务证书,完成这些步骤

创建nova用户

[root@linux-node1 ~]# openstack user create --domain default \--password-prompt novaUser Password:Repeat User Password:+---------------------+----------------------------------+| Field               | Value                            |+---------------------+----------------------------------+| domain_id           | default                          || enabled             | True                             || id                  | 99f1a510951741419024f5d19227046c || name                | nova                             || password_expires_at | None                             |+---------------------+----------------------------------+

给nova用户添加admin角色

[root@linux-node1 ~]# openstack role add --project service --user nova admin

创建nova服务实体

[root@linux-node1 ~]# openstack service create --name nova \--description "OpenStack Compute" compute+-------------+----------------------------------+| Field       | Value                            |+-------------+----------------------------------+| description | OpenStack Compute                || enabled     | True                             || id          | a3c8c4b6954f4e12a197e4a480d6bf53 || name        | nova                             || type        | compute                          |+-------------+----------------------------------+

创建Compute服务API端点

[root@linux-node1 ~]# openstack endpoint create --region RegionOne \compute public http://192.168.56.11:8774/v2.1/%\(tenant_id\)s+--------------+----------------------------------------------+| Field        | Value                                        |+--------------+----------------------------------------------+| enabled      | True                                         || id           | e1609436807842caae0caf293ae61882             || interface    | public                                       || region       | RegionOne                                    || region_id    | RegionOne                                    || service_id   | a3c8c4b6954f4e12a197e4a480d6bf53             || service_name | nova                                         || service_type | compute                                      || url          | http://192.168.56.11:8774/v2.1/%(tenant_id)s |+--------------+----------------------------------------------+[root@linux-node1 ~]# openstack endpoint create --region RegionOne \compute internal http://192.168.56.11:8774/v2.1/%\(tenant_id\)s+--------------+----------------------------------------------+| Field        | Value                                        |+--------------+----------------------------------------------+| enabled      | True                                         || id           | 2f5db2a54b5b49b7aa8aa517e693778a             || interface    | internal                                     || region       | RegionOne                                    || region_id    | RegionOne                                    || service_id   | a3c8c4b6954f4e12a197e4a480d6bf53             || service_name | nova                                         || service_type | compute                                      || url          | http://192.168.56.11:8774/v2.1/%(tenant_id)s |+--------------+----------------------------------------------+[root@linux-node1 ~]# openstack endpoint create --region RegionOne \compute admin http://192.168.56.11:8774/v2.1/%\(tenant_id\)s+--------------+----------------------------------------------+| Field        | Value                                        |+--------------+----------------------------------------------+| enabled      | True                                         || id           | 7b6d8e440ac14266b42508c9f6ca892b             || interface    | admin                                        || region       | RegionOne                                    || region_id    | RegionOne                                    || service_id   | a3c8c4b6954f4e12a197e4a480d6bf53             || service_name | nova                                         || service_type | compute                                      || url          | http://192.168.56.11:8774/v2.1/%(tenant_id)s |+--------------+----------------------------------------------+

安装Nova相关软件包

[root@linux-node1 ~]# yum -y install openstack-nova-api openstack-nova-conductor \openstack-nova-console openstack-nova-novncproxy \openstack-nova-scheduler[root@linux-node1 ~]# rpm -qa openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduleropenstack-nova-conductor-14.0.10-1.el7.noarchopenstack-nova-novncproxy-14.0.10-1.el7.noarchopenstack-nova-api-14.0.10-1.el7.noarchopenstack-nova-scheduler-14.0.10-1.el7.noarchopenstack-nova-console-14.0.10-1.el7.noarch

Nova的配置

  • 编辑/etc/nova/nova.conf文件并完成下面的操作
[root@linux-node1 ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)[root@linux-node1 ~]# vim /etc/nova/nova.conf

[DEFAULT]部分,只启用计算和元数据API

[DEFAULT]......3052 enabled_apis = osapi_compute,metadata

[api_database][database]部分,配置数据库的连接

[api_database]......3661 connection = mysql+pymysql://nova:nova@192.168.56.11/nova_api[database]......4678 connection = mysql+pymysql://nova:nova@192.168.56.11/nova

[DEFAULT]部分,配置RabbitMQ消息队列访问权限

[DEFAULT]......3601 transport_url = rabbit://openstack:openstack@192.168.56.11

[DEFAULT][keystone_authtoken]部分,配置认证服务访问

[DEFAULT]......14 auth_strategy = keystone[keystone_authtoken]5431 auth_uri = http://192.168.56.11:50005432 auth_url = http://192.168.56.11:353575433 memcached_servers = 192.168.56.11:112115434 auth_type = password5435 project_domain_name = Default5436 user_domain_name = Default5437 project_name = service5438 username = nova5439 password = nova

[DEFAULT]部分,启用网络服务支持

[DEFAULT]......2062 use_neutron = True3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]部分,配置VNC代理使用控制节点的管理接口IP地址

[VNC]......8326 vncserver_listen = 0.0.0.08338 vncserver_proxyclient_address = 192.168.56.11

[glance]区域,配置镜像服务API的位置

[glance]......4815 api_servers = http://192.168.56.11:9292

[oslo_concurrency]部分,配置锁路径

[oslo_concurrency]......6707 lock_path = /var/lib/nova/tmp
  • 同步Compute数据库,可以忽略警告信息
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage db sync" nova[root@linux-node1 ~]# mysql -unova -pnova -e "use nova;show tables;"|wc -l111[root@linux-node1 ~]# mysql -unova -pnova -e "use nova_api;show tables;"|wc -l21
  • 启动Compute服务,并将其设置为随系统启动
[root@linux-node1 ~]# systemctl enable openstack-nova-api.service \openstack-nova-consoleauth.service openstack-nova-scheduler.service \openstack-nova-conductor.service openstack-nova-novncproxy.service[root@linux-node1 ~]# systemctl start openstack-nova-api.service \openstack-nova-consoleauth.service openstack-nova-scheduler.service \openstack-nova-conductor.service openstack-nova-novncproxy.service[root@linux-node1 ~]# systemctl status openstack-nova-api.service[root@linux-node1 ~]# systemctl status openstack-nova-consoleauth.service[root@linux-node1 ~]# systemctl status openstack-nova-scheduler.service[root@linux-node1 ~]# systemctl status openstack-nova-conductor.service[root@linux-node1 ~]# systemctl status openstack-nova-novncproxy.service

Nova验证操作

[root@linux-node1 ~]# openstack host list+-------------+-------------+----------+| Host Name   | Service     | Zone     |+-------------+-------------+----------+| linux-node1 | conductor   | internal || linux-node1 | consoleauth | internal || linux-node1 | scheduler   | internal |+-------------+-------------+----------+[root@linux-node1 ~]# openstack compute service list+----+------------------+-------------+----------+---------+-------+----------------------------+| ID | Binary           | Host        | Zone     | Status  | State | Updated At                 |+----+------------------+-------------+----------+---------+-------+----------------------------+|  1 | nova-consoleauth | linux-node1 | internal | enabled | up    | 2018-01-20T05:16:57.000000 ||  2 | nova-conductor   | linux-node1 | internal | enabled | up    | 2018-01-20T05:16:57.000000 ||  3 | nova-scheduler   | linux-node1 | internal | enabled | up    | 2018-01-20T05:16:57.000000 |+----+------------------+-------------+----------+---------+-------+----------------------------+

安装配置计算节点

Nova-Compute的安装

  • 添加Openstack仓库,安装Newton版
[root@linux-node2 ~]# yum -y install centos-release-openstack-newton[root@linux-node2 ~]# rpm -qa centos-release-openstack-newtoncentos-release-openstack-newton-1-2.el7.noarch
  • 安装Openstack客户端
[root@linux-node2 ~]# yum -y install python-openstackclient openstack-selinux[root@linux-node2 ~]# rpm -qa python-openstackclient openstack-selinuxpython-openstackclient-3.2.1-1.el7.noarchopenstack-selinux-0.8.11-1.el7.noarch
  • 安装Nova-Compute相关软件包
[root@linux-node2 ~]# yum -y install openstack-nova-compute[root@linux-node2 ~]# rpm -qa openstack-nova-computeopenstack-nova-compute-14.0.10-1.el7.noarch

Nova-Compute的配置

  • 编辑/etc/nova/nova.conf文件并完成下面的操作
[root@linux-node2 ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)[root@linux-node2 ~]# vim /etc/nova/nova.conf

[DEFAULT]部分,只启用计算和元数据API

[DEFAULT]......3052 enabled_apis = osapi_compute,metadata

[DEFAULT]部分,配置RabbitMQ消息队列访问权限

[DEFAULT]......3601 transport_url = rabbit://openstack:openstack@192.168.56.11

[DEFAULT][keystone_authtoken]部分,配置认证服务访问

[DEFAULT]......14 auth_strategy = keystone[keystone_authtoken]5431 auth_uri = http://192.168.56.11:50005432 auth_url = http://192.168.56.11:353575433 memcached_servers = 192.168.56.11:112115434 auth_type = password5435 project_domain_name = Default5436 user_domain_name = Default5437 project_name = service5438 username = nova5439 password = nova

[DEFAULT]部分,启用网络服务支持

[DEFAULT]......2062 use_neutron = True3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]部分,启用并配置远程控制台访问

[vnc]......8303 enabled = true8326 vncserver_listen = 0.0.0.08338 vncserver_proxyclient_address = 192.168.56.128357 novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html

[glance]区域,配置镜像服务API的位置

[glance]......4815 api_servers = http://192.168.56.11:9292

[oslo_concurrency]部分,配置锁路径

[oslo_concurrency]......6707 lock_path = /var/lib/nova/tmp

Nava-Compute验证操作

  • 确定您的计算节点是否支持虚拟机的硬件加速
[root@linux-node2 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo1

如果这个命令返回了one or greater的值,那么你的计算节点支持硬件加速且不需要额外的配置。

如果这个命令返回了zero值,那么你的计算节点不支持硬件加速。你必须配置libvirt来使用QEMU去代替KVM。

  • 启动计算服务及其依赖,并将其配置为随系统自动启动
[root@linux-node2 ~]# systemctl enable libvirtd.service openstack-nova-compute.service[root@linux-node2 ~]# systemctl start libvirtd.service openstack-nova-compute.service[root@linux-node2 ~]# systemctl status libvirtd.service openstack-nova-compute.service
  • 获得admin凭证来获取只有管理员能执行的命令的访问权限
[root@linux-node1 ~]# source admin-openrc
  • 列出服务组件,以验证是否成功启动并注册了每个进程
[root@linux-node1 ~]# openstack host list+-------------+-------------+----------+| Host Name   | Service     | Zone     |+-------------+-------------+----------+| linux-node1 | consoleauth | internal || linux-node1 | conductor   | internal || linux-node1 | scheduler   | internal || linux-node2 | compute     | nova     |+-------------+-------------+----------+[root@linux-node1 ~]# openstack compute service list+----+------------------+-------------+----------+---------+-------+----------------------------+| ID | Binary           | Host        | Zone     | Status  | State | Updated At                 |+----+------------------+-------------+----------+---------+-------+----------------------------+|  1 | nova-consoleauth | linux-node1 | internal | enabled | up    | 2018-01-20T05:52:58.000000 ||  2 | nova-conductor   | linux-node1 | internal | enabled | up    | 2018-01-20T05:52:57.000000 ||  3 | nova-scheduler   | linux-node1 | internal | enabled | up    | 2018-01-20T05:52:58.000000 ||  6 | nova-compute     | linux-node2 | nova     | enabled | up    | 2018-01-20T05:53:02.000000 |+----+------------------+-------------+----------+---------+-------+----------------------------+

转载于:https://blog.51cto.com/11097612/2062560

你可能感兴趣的文章
Windows7操作系统安装教程(图文)
查看>>
IOS Core Animation Advanced Techniques的学习笔记(三)
查看>>
除了模拟手术教学,VR在医疗领域如何应用?
查看>>
盘点5款Ubuntu监控工具解决CPU暴增问题
查看>>
java 测试IP
查看>>
用CSS做导航菜单的4个理由
查看>>
NOIP2015 运输计划 二分答案+Tarjan LCA+树上差分
查看>>
构建之法读后感
查看>>
基本信息项目目标文档
查看>>
移动开发Html 5前端性能优化指南
查看>>
silverlight style和template 使用之tip
查看>>
Eclipse配置python环境
查看>>
第十二周总结
查看>>
Import declarations are not supported by current JavaScript version--JavaScript版本不支持导入声明...
查看>>
js兼容性大全
查看>>
晶振不起振的原因及其解决方法
查看>>
学习目标
查看>>
《利用python进行数据分析》学习笔记--数据聚合与分组(groupby)
查看>>
C++中的函数指针模板
查看>>
2015年个人总结
查看>>