Openstack之路(四)計算服務Nova
阿新 • • 發佈:2018-01-18
ken 硬件加速 額外 strong fire sha vnc 服務組件 vncserver Nova的概述
Nova是Openstack雲中的計算組織控制器。支持Openstack雲中實例(Instances)生命周期的所有活動都由Nova處理。這樣使得Nova成為一個負責管理計算資源、網絡、認證、所需可擴展性的平臺。但是Nova自身並沒有提供任何虛擬化能力,相反它使用Libvirt API來與被支持的Hypervisors交互。Nova通過一個與Amazon Web Services(AWS)EC2 API兼容的Web Services API來對外提供服務。
Nova的組件
- Nova-API
Nova-API是整個Nova組件的門戶,所有對Nova的請求都首先由Nova-API來處理,接收到外部的請求後通過Message Queue將請求發送給其它的服務組件。
- Nova-Scheduler
Nova-Scheduler負責決策虛擬機創建在那臺主機(計算節點)上。
- Nova-Compute
Nova-Compute處理管理實例生命周期,通過Message Queue接收實例生命周期管理的請求,並承擔操作工作。
- Nova-Conductor
Nova-Compute需要獲取和更新數據庫中Instance的信息,但是Nova-Compute並不會直接訪問數據庫,而是通過Nova-Conductor實現數據的訪問。這樣做有兩個顯著好處,其一更高的系統安全性,其二更好的系統伸縮性。
在Openstack的早期版本中,Nova-Compute可以直接訪問數據庫,但這樣存在非常大的安全隱患。因為Nova-Compute這個服務是部署在計算節點上的,為了能夠訪問控制節點上的數據庫,就必須在計算節點的/etc/nova/nova.conf中配置訪問數據庫的連接信息,試想任意一個計算節點被黑客入侵,都會導致部署在控制節點上的數據庫面臨極大風險。這樣就避免了Nova-Compute直接訪問數據庫,增加了系統的安全性。
Nova-Conductor將Nova-Compute與數據庫解耦之後還帶來另一個好處就是提高了Nova的伸縮性。Nova-Compute與Conductor是通過消息中間件交互的,這種松散的架構允許配置多個Nova-Conductor實例,在一個大規模的Openstack部署環境裏,管理員可以通過增加Nova-Conductor的數量來應對日益增長的計算節點對數據庫的訪問。
Nova的工作流程
Nova實例化流程
- 首先用戶執行Nova Client提供的用於創建虛擬機的指令。
- Nova-API監聽到來自於Nova Client的HTTP請求,並將這些請求轉換為AMQP消息之後加入消息隊列Queue。
- 通過消息隊列Queue調用Nova-Conductor。
- Nova-Conductor從Queue接收到虛擬機實例化請求消息後,進行一些準備工作,例如:匯總HTTP請求中所需要實例化的虛擬機參數。
- Nova-Conductor通過Queue告訴Nova-Scheduler去選擇一個合適的Compute Node來創建虛擬機,此時Nova-Scheduler會讀取數據庫的內容。
- Nova-Conductor從Nova-Scheduler得到了合適的Compute Node的信息後,再通過Queue來通知Nova-Compute實現虛擬機的創建。
- 從虛擬機實例化的過程可以看出,Nova中最重要的4個服務之間的通信都是通過Queue來實現的,這符合松耦合的實現方式。
安裝配置控制節點
Nova的安裝
- 創建數據庫服務的憑據以及API Endpoints
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> grant all on nova.* to ‘nova‘@‘localhost‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova.* to ‘nova‘@‘%‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to ‘nova‘@‘localhost‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on nova_api.* to ‘nova‘@‘%‘ identified by ‘nova‘;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye- 獲得admin憑證來獲取只有管理員能執行的命令的訪問權限
[root@linux-node1 ~]# source admin-openrc- 要創建服務證書,完成這些步驟
創建nova用戶
[root@linux-node1 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 99f1a510951741419024f5d19227046c |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+給nova用戶添加admin角色
[root@linux-node1 ~]# openstack role add --project service --user nova admin創建Nova服務實體
[root@linux-node1 ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| name | nova |
| type | compute |
+-------------+----------------------------------+創建Compute服務API端點
[root@linux-node1 ~]# openstack endpoint create --region RegionOne compute public http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | e1609436807842caae0caf293ae61882 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne compute internal http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 2f5db2a54b5b49b7aa8aa517e693778a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne compute admin http://192.168.56.11:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 7b6d8e440ac14266b42508c9f6ca892b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a3c8c4b6954f4e12a197e4a480d6bf53 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+安裝Nova相關軟件包
[root@linux-node1 ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
[root@linux-node1 ~]# rpm -qa openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
openstack-nova-conductor-14.0.10-1.el7.noarch
openstack-nova-novncproxy-14.0.10-1.el7.noarch
openstack-nova-api-14.0.10-1.el7.noarch
openstack-nova-scheduler-14.0.10-1.el7.noarch
openstack-nova-console-14.0.10-1.el7.noarchNova的配置
- 編輯/etc/nova/nova.conf文件並完成下面的操作
[root@linux-node1 ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
[root@linux-node1 ~]# vim /etc/nova/nova.conf在[DEFAULT]部分,只啟用計算和元數據API
[DEFAULT]
......
3052 enabled_apis = osapi_compute,metadata在[api_database]和[database]部分,配置數據庫的連接
[api_database]
......
3661 connection = mysql+pymysql://nova:[email protected]/nova_api
[database]
......
4678 connection = mysql+pymysql://nova:[email protected]/nova在[DEFAULT]部分,配置RabbitMQ消息隊列訪問權限
[DEFAULT]
......
3602 transport_url = rabbit://openstack:[email protected]在[DEFAULT]和[keystone_authtoken]部分,配置認證服務訪問
[DEFAULT]
......
14 auth_strategy = keystone
[keystone_authtoken]
......
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova在 [DEFAULT]部分,啟用網絡服務支持
[DEFAULT]
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver在[vnc]部分,配置VNC代理使用控制節點的管理接口IP地址
[VNC]
......
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.11在[glance]區域,配置鏡像服務API的位置
[glance]
......
4815 api_servers = http://192.168.56.11:9292在[oslo_concurrency]部分,配置鎖路徑
[oslo_concurrency]
......
6707 lock_path = /var/lib/nova/tmp- 同步Compute數據庫,可以忽略警告信息
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@linux-node1 ~]# mysql -unova -pnova -e "use nova;show tables;"
[root@linux-node1 ~]# mysql -unova -pnova -e "use nova_api;show tables;"- 啟動Compute服務,並將其設置為隨系統啟動
[root@linux-node1 ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@linux-node1 ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@linux-node1 ~]# systemctl status openstack-nova-api.service
[root@linux-node1 ~]# systemctl status openstack-nova-consoleauth.service
[root@linux-node1 ~]# systemctl status openstack-nova-scheduler.service
[root@linux-node1 ~]# systemctl status openstack-nova-conductor.service
[root@linux-node1 ~]# systemctl status openstack-nova-novncproxy.serviceNova驗證操作
[root@linux-node1 ~]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | consoleauth | internal |
| linux-node1 | scheduler | internal |
+-------------+-------------+----------+
[root@linux-node1 ~]# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-16T07:09:13.000000 |
| 2 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-16T07:09:12.000000 |
| 3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-16T07:09:17.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+安裝配置計算節點
Nova-Compute的安裝
- 添加Openstack倉庫,安裝Newton版
[root@linux-node2 ~]# yum -y install centos-release-openstack-newton
[root@linux-node2 ~]# rpm -qa centos-release-openstack-newton
centos-release-openstack-newton-1-2.el7.noarch- 安裝Openstack客戶端
[root@linux-node2 ~]# yum -y install python-openstackclient openstack-selinux
[root@linux-node2 ~]# rpm -qa python-openstackclient openstack-selinux
python-openstackclient-3.2.1-1.el7.noarch
openstack-selinux-0.8.11-1.el7.noarch- 安裝Nova-Compute相關軟件包
[root@linux-node2 ~]# yum -y install openstack-nova-compute
[root@linux-node2 ~]# rpm -qa openstack-nova-compute
openstack-nova-compute-14.0.10-1.el7.noarchNova-Compute的配置
- 編輯/etc/nova/nova.conf文件並完成下面的操作
[root@linux-node2 ~]# cp -a /etc/nova/nova.conf /etc/nova/nova.conf_$(date +%F)
[root@linux-node2 ~]# vim /etc/nova/nova.conf在[DEFAULT]部分,只啟用計算和元數據API
[DEFAULT]
......
3052 enabled_apis = osapi_compute,metadata在[DEFAULT]部分,配置RabbitMQ消息隊列訪問權限
[DEFAULT]
......
3601 transport_url = rabbit://openstack:[email protected]在[DEFAULT]和[keystone_authtoken]部分,配置認證服務訪問
[DEFAULT]
......
14 auth_strategy = keystone
[keystone_authtoken]
......
5431 auth_uri = http://192.168.56.11:5000
5432 auth_url = http://192.168.56.11:35357
5433 memcached_servers = 192.168.56.11:11211
5434 auth_type = password
5435 project_domain_name = Default
5436 user_domain_name = Default
5437 project_name = service
5438 username = nova
5439 password = nova在[DEFAULT]部分,啟用網絡服務支持
[DEFAULT]
......
2062 use_neutron = True
3266 firewall_driver = nova.virt.firewall.NoopFirewallDriver在[vnc]部分,啟用並配置遠程控制臺訪問
[vnc]
......
8303 enabled = true
8326 vncserver_listen = 0.0.0.0
8338 vncserver_proxyclient_address = 192.168.56.12
8357 novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html在[glance]區域,配置鏡像服務API的位置
[glance]
......
4815 api_servers = http://192.168.56.11:9292在[oslo_concurrency]部分,配置鎖路徑
[oslo_concurrency]
......
6707 lock_path = /var/lib/nova/tmpNava-Compute驗證操作
- 確定您的計算節點是否支持虛擬機的硬件加速
[root@linux-node2 ~]# egrep -c ‘(vmx|svm)‘ /proc/cpuinfo
1如果這個命令返回了one or greater的值,那麽你的計算節點支持硬件加速且不需要額外的配置。
如果這個命令返回了zero值,那麽你的計算節點不支持硬件加速。你必須配置libvirt來使用QEMU去代替KVM。
- 啟動計算服務及其依賴,並將其配置為隨系統自動啟動
[root@linux-node2 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@linux-node2 ~]# systemctl start libvirtd.service openstack-nova-compute.service
[root@linux-node2 ~]# systemctl status libvirtd.service
[root@linux-node2 ~]# systemctl status openstack-nova-compute.service- 獲得admin憑證來獲取只有管理員能執行的命令的訪問權限
[root@linux-node1 ~]# source admin-openrc- 列出服務組件,以驗證是否成功啟動並註冊了每個進程
[root@linux-node1 ~]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | consoleauth | internal |
| linux-node1 | scheduler | internal |
| linux-node2 | compute | nova |
+-------------+-------------+----------+
[root@linux-node1 ~]# openstack compute service list
+----+------------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | linux-node1 | internal | enabled | up | 2018-01-16T07:04:43.000000 |
| 2 | nova-consoleauth | linux-node1 | internal | enabled | up | 2018-01-16T07:04:42.000000 |
| 3 | nova-scheduler | linux-node1 | internal | enabled | up | 2018-01-16T07:04:47.000000 |
| 6 | nova-compute | linux-node2 | nova | enabled | up | 2018-01-16T07:04:46.000000 |
+----+------------------+-------------+----------+---------+-------+----------------------------+Openstack之路(四)計算服務Nova