OpenStack 之 Nova 安装
创建数据库
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.00 sec)
数据库授权
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
-> IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.01 sec)
安装 nova 包
[root@openstack ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
编辑 /etc/nova/nova.conf 配置文件:
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
在 [api_database] 、[database] 和 [placement_database] 下配置数据库连接:
[api_database]
# ...
connection = mysql+pymysql://nova:nova@192.168.1.140/nova_api
[database]
# ...
connection = mysql+pymysql://nova:nova@192.168.1.140/nova
[placement_database]
# ...
connection = mysql+pymysql://placement:placement@192.168.1.140/placement
在 [DEFAULT] 块下,配置 RabbitMQ消息队列连接
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.1.140
在 [api] 和 [keystone_authtoken] 块下,配置认证服务连接:
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://192.168.1.140:5000/v3
memcached_servers = 192.168.1.140:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
在 [DEFAULT] 块下,激活支持的网络服务:
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
在 [vnc] 块下,使用控制节点的管理端口IP地址配置 VNC 代理
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
在 [glance] 块下,配置本地镜像服务 API
[glance]
# ...
api_servers = http://192.168.1.140:9292
在 [oslo_concurrency] 块下,配置 lock 路径
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
在 [placement] 块下,配置 Placement 接口
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.1.140:5000/v3
username = placement
password = placement
在 /etc/httpd/conf.d/00-nova-placement-api.conf 下,增加如下配置文件,激活 Placement 接口
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启 httpd 服务
systemctl restart httpd
同步 nova-api 和 placement 数据库
[root@openstack ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
注册 cell0 数据库
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
创建 cell1
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
同步 nova 数据库
# su -s /bin/sh -c "nova-manage db sync" nova
确认 nova、cell0 和 cell1 已注册
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+---------------------------------------+----------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+---------------------------------------+----------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@192.168.1.140/nova_cell0 | False |
| cell1 | 2d09f9c0-1c42-4bb6-bfb2-7071d28265e4 | rabbit://openstack:****@192.168.1.140 | mysql+pymysql://nova:****@192.168.1.140/nova | False |
+-------+--------------------------------------+---------------------------------------+----------------------------------------------------+----------+
查看 nova 数据库中数据内容
[root@openstack ~]# mysql -h 192.168.1.140 -u nova -pnova -e "USE nova;SHOW TABLES;"
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| allocations |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_auth_tokens |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_extra |
| instance_faults |
| instance_group_member |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| inventories |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| resource_provider_aggregates |
| resource_providers |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_extra |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| snapshot_id_mappings |
| snapshots |
| tags |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
+--------------------------------------------+
激活启动服务
[root@openstack ~]# systemctl enable openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
[root@openstack ~]# systemctl start openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
此时,可以查看各个服务是否已正确启动
[root@openstack ~]# systemctl status openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
激活环境变量
[root@openstack ~]# . admin-openstack.bashrc
创建计算服务认证
创建 nova 用户
[root@openstack ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1a93a01bc87d4fe4aae0276eec429f2e |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
添加 nova 用户至 admin 用户组
[root@openstack ~]# openstack role add --project service --user nova admin
创建 nova 服务
[root@openstack ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 1613629270cf46c0886b0b7470ff33e8 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
创建计算服务接口的 endpoints
[root@openstack ~]# openstack endpoint create --region RegionOne \
> compute public http://192.168.1.140:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7cbab2da46d5436984bf67b7886314f1 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1613629270cf46c0886b0b7470ff33e8 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.140:8774/v2.1 |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute internal http://192.168.1.140:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8b17c3452baa47a5bc8c52a298cedf81 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1613629270cf46c0886b0b7470ff33e8 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.140:8774/v2.1 |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute admin http://192.168.1.140:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 33c9f42155534327897c4a1bae593655 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1613629270cf46c0886b0b7470ff33e8 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.140:8774/v2.1 |
+--------------+----------------------------------+
创建 Placement 服务用户
[root@openstack ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8598016a22014c6694d0d0aae8bb7199 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
添加 Placement 用户以 admin 角色加入到 service 项目中
[root@openstack ~]# openstack role add --project service --user placement admin
在 服务中创建 Placement 接口
[root@openstack ~]# openstack service create --name placement \
> --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 78eced16861347a6bcfe58ef35736f88 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
创建 Placement 接口服务的 endpoints
[root@openstack ~]# openstack endpoint create --region RegionOne \
> placement public http://192.168.1.140:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 46f579dba40c4501837f4e1dfdf1d8ab |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78eced16861347a6bcfe58ef35736f88 |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.140:8778 |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement internal http://192.168.1.140:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 131200dcd8844fc6a87c1fdce1909066 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78eced16861347a6bcfe58ef35736f88 |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.140:8778 |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement admin http://192.168.1.140:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 779b091902994b7ca6de0a41b23c115b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 78eced16861347a6bcfe58ef35736f88 |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.140:8778 |
+--------------+----------------------------------+
计算节点安装
[root@openstack ~]# yum install openstack-nova-compute
编辑 /etc/nova/nova.conf 文件,完成如下配置:
在 Default 块下,配置 RabbitMQ 消息队列
transport_url=rabbit://openstack:openstack@192.168.1.140
在 [api] 和 [keystone_authtoken] 块,配置认证服务连接
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://192.168.1.140:5000/v3
memcached_servers = 192.168.1.140:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
在 DEFAULT 下配置 my_ip等
[DEFAULT]
# ...
my_ip = 192.168.1.140
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
在 vnc 下配置激活远程 console 连接
[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.140:6080/vnc_auto.html
在 glance 块下,配置本地镜像接口
[glance]
# ...
api_servers = http://192.168.1.140:9292
在 [oslo_concurrency] 块下,配置 lock 路径
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
在 [placement] 块下,配置 Placement 接口
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.1.140:5000/v3
username = placement
password = placement
确保计算节点支持虚拟化
[root@openstack ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
编辑 /etc/nova/nova.conf 下的 [libvirt] 块
[libvirt]
# ...
virt_type = qemu
设置开机自启
[root@openstack ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@openstack ~]# systemctl start libvirtd.service openstack-nova-compute.service
添加 计算节点至 cell 数据库
激活 admin 环境变量,确认计算节点已加入数据库
[root@openstack ~]# . admin-openstack.bashrc
[root@openstack ~]# openstack compute service list --service nova-compute
+----+--------------+-----------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+-----------+------+---------+-------+----------------------------+
| 21 | nova-compute | openstack | nova | enabled | up | 2019-01-14T11:45:54.000000 |
+----+--------------+-----------+------+---------+-------+----------------------------+
发现计算主机
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 2d09f9c0-1c42-4bb6-bfb2-7071d28265e4
Checking host mapping for compute host 'openstack': 85e0bb2a-8694-4a60-8c2a-be920a552ea8
Creating host mapping for compute host 'openstack': 85e0bb2a-8694-4a60-8c2a-be920a552ea8
Found 1 unmapped computes in cell: 2d09f9c0-1c42-4bb6-bfb2-7071d28265e4
当添加完计算节点后,必须在计算节点上命令行运行 nova-manage cell_v2 discover_hosts 。如果不想这样,可以设置每隔300s后自动发现主机
[scheduler]
discover_hosts_in_cells_interval = 300
验证
激活 admin 环境变量
[root@openstack ~]# . admin-openstack.bashrc
列出计算节点,确保每个进程注册和启动成功
[root@openstack ~]# openstack compute service list
+----+----------------+-----------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+-----------+----------+---------+-------+----------------------------+
| 1 | nova-scheduler | openstack | internal | enabled | up | 2019-01-14T11:56:00.000000 |
| 9 | nova-conductor | openstack | internal | enabled | up | 2019-01-14T11:56:00.000000 |
| 21 | nova-compute | openstack | nova | enabled | up | 2019-01-14T11:56:04.000000 |
列出接口endpoints,确保认证服务正确
[root@openstack ~]# openstack catalog list
+-----------+-----------+--------------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+--------------------------------------------+
| nova | compute | RegionOne |
| | | admin: http://192.168.1.140:8774/v2.1 |
| | | RegionOne |
| | | public: http://192.168.1.140:8774/v2.1 |
| | | RegionOne |
| | | internal: http://192.168.1.140:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | internal: http://192.168.1.140:8778 |
| | | RegionOne |
| | | public: http://192.168.1.140:8778 |
| | | RegionOne |
| | | admin: http://192.168.1.140:8778 |
| | | |
| glance | image | RegionOne |
| | | internal: http://192.168.1.140:9292 |
| | | RegionOne |
| | | admin: http://192.168.1.140:9292 |
| | | RegionOne |
| | | public: http://192.168.1.140:9292 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://192.168.1.140:5000/v3/ |
| | | RegionOne |
| | | admin: http://192.168.1.140:5000/v3/ |
| | | RegionOne |
| | | public: http://192.168.1.140:5000/v3/ |
| | | |
+-----------+-----------+--------------------------------------------+
在镜像服务中列出所有镜像,确保镜像服务正确
[root@openstack ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2fd4e473-cd41-4391-af79-08376dcdc97e | cirros | active |
+--------------------------------------+--------+--------+
检查 cells 和 pllacement 接口工作正常
[root@openstack ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: API Service Version |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Request Spec Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Console Auths |
| Result: Success |
| Details: None |
+--------------------------------+
浙公网安备 33010602011771号