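1. Nova architecture
Nova is the most central component of OpenStack; it manages the entire lifecycle of a VM. The other OpenStack components ultimately exist to serve Nova, which manages compute resources for VMs according to user demand.
Nova's logical architecture is shown in the red box in the figure below.
2. Nova's logical modules
Nova consists mainly of four core services: API, Compute, Conductor and Scheduler, which communicate with each other over AMQP. It includes several sub-services.
1. Nova API: the HTTP entry point into Nova; it receives and handles HTTP requests sent by clients.
2. Nova Scheduler: Nova's scheduling sub-service. When a client asks the Nova server to create a virtual machine, it decides which node the virtual machine is created on.
3. Nova Conductor: an RPC service whose main role is to provide database query functionality. For security and scalability reasons, nova-compute in OpenStack does not access the database directly but delegates that to nova-conductor. This has two advantages: (1) better system security; (2) better system scalability.
4. Nova Compute: the most central service in Nova, which implements virtual machine management. It creates, starts, pauses, shuts down and deletes virtual machines on compute nodes, migrates virtual machines between compute nodes, enforces virtual machine security controls, and manages virtual machine disk images and snapshots.
5. Nova Cert: manages certificates, for compatibility with AWS. AWS provides a complete set of infrastructure and application services that let almost any application run in the cloud.
6. Nova Cell: the purpose of the Nova Cell sub-service is to make horizontal scaling and large-scale deployment easier without increasing the complexity of the database and the RPC message middleware. It adds region-level scheduling on top of the host scheduling done by the Nova Scheduler service.
7. Nova Console, Nova Consoleauth, Nova VNCProxy: Nova's console sub-services. They let a client reach the console of a virtual machine instance remotely through a proxy server.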
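3. How Nova boots a virtual machine
The process by which Nova boots a virtual machine is shown in the figure.
The whole VM creation process is as follows (I spent a long time putting this together myself, then found that someone else's write-up was really much better, so I am borrowing it directly):
1. The user logs in to the dashboard or uses the command line, and obtains authentication information from Keystone through the RESTful API.
2. Keystone authenticates the user's request, generates an auth-token and returns it in response to that authentication request.
3. The dashboard or command line sends a boot instance request (carrying the auth-token) to nova-api through the RESTful API.
4. On receiving the request, nova-api sends an authentication request to Keystone to check whether the token and its user are valid.
5. Keystone checks whether the token is valid; if it is, Keystone returns the valid authentication and the corresponding roles (note: some operations require role permissions).
6. Once authenticated, nova-api communicates with the database.
7. The database record for the new virtual machine is initialized.
8. nova-api uses rpc.call to ask nova-scheduler whether there are resources (a host ID) for creating the virtual machine.
9. The nova-scheduler process listens on the message queue and picks up nova-api's request.
10. nova-scheduler queries the Nova database for the state of compute resources and uses its scheduling algorithm to work out which hosts meet the requirements for creating the virtual machine.
11. If a suitable host exists, nova-scheduler updates the database with the physical host assigned to the virtual machine.
12. nova-scheduler uses rpc.cast to send nova-compute the message requesting creation of the virtual machine.
13. nova-compute picks up the create-VM request message from its message queue.
14. nova-compute uses rpc.call to ask nova-conductor for the virtual machine's information (flavor).
15. nova-conductor takes nova-compute's request message from the message queue.
16. nova-conductor looks up the virtual machine's information according to the message.
17. nova-conductor obtains the virtual machine's information from the database.
18. nova-conductor sends the virtual machine's information to the message queue as a message.
19. nova-compute picks up the virtual machine information message from its message queue.
20. nova-compute obtains an authenticated token through Keystone's RESTful API and sends an HTTP request to glance-api for the image needed to create the virtual machine.
21. glance-api asks Keystone whether the token is valid and returns the validation result.
22. With the token validated, nova-compute obtains the virtual machine image information (URL).
23. nova-compute obtains an authenticated token through Keystone's RESTful API and sends an HTTP request to neutron-server for the network information needed to create the virtual machine.
24. neutron-server asks Keystone whether the token is valid and returns the validation result.
25. With the token validated, nova-compute obtains the virtual machine's network information.
26. nova-compute obtains an authenticated token through Keystone's RESTful API and sends an HTTP request to cinder-api for the persistent storage information needed to create the virtual machine.
27. cinder-api asks Keystone whether the token is valid and returns the validation result.
28. With the token validated, nova-compute obtains the virtual machine's persistent storage information.
29. nova-compute calls the configured virtualization driver to create the virtual machine according to the instance information.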
4. Hands-on: installing Nova manually
4.1 Controller node
1) Database operations:
- [root@controller ~]# mysql -uroot -popenstack <<EOF
- create database nova_api;
- create database nova;
- create database nova_cell0;
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
- GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
- EOF
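2) Create the nova user and give it the admin role in the service project
- # Load the admin credentials
- [root@controller ~]# source admin_openrc
Run the following command on its own; it prompts for the nova user's password:
- [root@controller ~]# openstack user create --domain default --password-prompt nova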
- User Password:
- Repeat User Password:
- +---------------------+----------------------------------+
- | Field | Value |
- +---------------------+----------------------------------+
- | domain_id | default |
- | enabled | True |
- | id | fe8948c5641b4a16a26420260bd822a7 |
- | name | nova |
- | options | {} |
- | password_expires_at | None |
- +---------------------+----------------------------------+
- [root@controller ~]# openstack role add --project service --user nova admin
3) Create the nova service and its endpoints
- [root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
- +-------------+----------------------------------+
- | Field | Value |
- +-------------+----------------------------------+
- | description | OpenStack Compute |
- | enabled | True |
- | id | 9c78ed53491546ba863062d0c74e3902 |
- | name | nova |
- | type | compute |
- +-------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 44df01edd39c4acfaad2877c26ea2c8f |
- | interface | public |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | 9c78ed53491546ba863062d0c74e3902 |
- | service_name | nova |
- | service_type | compute |
- | url | http://controller:8774/v2.1 |
- +--------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 8a6c68ff6ca847e78e6cb5764a6bef98 |
- | interface | internal |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | 9c78ed53491546ba863062d0c74e3902 |
- | service_name | nova |
- | service_type | compute |
- | url | http://controller:8774/v2.1 |
- +--------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | a5f08ccb71084552aed1a7de40a9a374 |
- | interface | admin |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | 9c78ed53491546ba863062d0c74e3902 |
- | service_name | nova |
- | service_type | compute |
- | url | http://controller:8774/v2.1 |
- +--------------+----------------------------------+
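4) Create the placement user and give it the admin role in the service project
- # Load the admin credentials
- [root@controller ~]# source admin_openrc
Run the following command on its own; it prompts for the placement user's password:
- [root@controller ~]# openstack user create --domain default --password-prompt placement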
- User Password:
- Repeat User Password:
- +---------------------+----------------------------------+
- | Field | Value |
- +---------------------+----------------------------------+
- | domain_id | default |
- | enabled | True |
- | id | e0ca61dd6473425abd65af2cb5d6afd3 |
- | name | placement |
- | options | {} |
- | password_expires_at | None |
- +---------------------+----------------------------------+
- [root@controller ~]# openstack role add --project service --user placement admin
5) Create the placement service and its endpoints
- [root@controller ~]# openstack service create --name placement --description "Placement API" placement
- +-------------+----------------------------------+
- | Field | Value |
- +-------------+----------------------------------+
- | description | Placement API |
- | enabled | True |
- | id | a6dc5d3a09344a27ae735daa83f35662 |
- | name | placement |
- | type | placement |
- +-------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 63d8a43ea474463493e620fd8a7934f9 |
- | interface | public |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | a6dc5d3a09344a27ae735daa83f35662 |
- | service_name | placement |
- | service_type | placement |
- | url | http://controller:8778 |
- +--------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 79673b1b93874c43aaef13ed25dbde20 |
- | interface | internal |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | a6dc5d3a09344a27ae735daa83f35662 |
- | service_name | placement |
- | service_type | placement |
- | url | http://controller:8778 |
- +--------------+----------------------------------+
- [root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
- +--------------+----------------------------------+
- | Field | Value |
- +--------------+----------------------------------+
- | enabled | True |
- | id | 9ddeb299982c434fbf93570ccc448e66 |
- | interface | admin |
- | region | RegionOne |
- | region_id | RegionOne |
- | service_id | a6dc5d3a09344a27ae735daa83f35662 |
- | service_name | placement |
- | service_type | placement |
- | url | http://controller:8778 |
- +--------------+----------------------------------+
6) Install the required packages and configure them
(1) Install the packages
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
(2) Configure the nova.conf file
- [root@controller ~]# vim /etc/nova/nova.conf
- [DEFAULT]
- enabled_apis = osapi_compute,metadata
- [api_database]
- connection = mysql+pymysql://nova:openstack@controller/nova_api
- [database]
- connection = mysql+pymysql://nova:openstack@controller/nova
- [DEFAULT]
- # RABBIT_PASS is a placeholder for the RabbitMQ password of the openstack user
- transport_url = rabbit://openstack:RABBIT_PASS@controller
- [api]
- auth_strategy = keystone
- [keystone_authtoken]
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = nova
- password = openstack
- [DEFAULT]
- my_ip = 192.168.1.83
- [DEFAULT]
- use_neutron = True
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
- [vnc]
- enabled = true
- vncserver_listen = 192.168.1.83
- vncserver_proxyclient_address = 192.168.1.83
- [glance]
- api_servers = http://controller:9292
- [oslo_concurrency]
- lock_path = /var/lib/nova/tmp
- [placement]
- os_region_name = RegionOne
- project_domain_name = Default
- project_name = service
- auth_type = password
- user_domain_name = Default
- auth_url = http://controller:35357/v3
- username = placement
- password = openstack
- [root@controller ~]# egrep -v "^#|^$" /etc/nova/nova.conf
(3) Edit the 00-nova-placement-api.conf configuration file and restart the httpd service
- [root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
- <Directory /usr/bin>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order allow,deny
- Allow from all
- </IfVersion>
- </Directory>
- [root@controller ~]# systemctl restart httpd
(4) Initialize the nova_api database schema:
- [root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
- [root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
(5) Create cell1:
- [root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- aee6767f-b31a-4caf-9744-a64e572fa533
(6) Initialize the nova database schema:
- [root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
- [root@controller ~]# mysql -hlocalhost -unova -popenstack -e "use nova;show tables;"
- [root@controller ~]# mysql -hlocalhost -unova -popenstack -e "use nova_api;show tables;"
- [root@controller ~]# mysql -hlocalhost -unova -popenstack -e "use nova_cell0;show tables;"
(7) Verify that cell0 and cell1 are registered
- [root@controller ~]# nova-manage cell_v2 list_cells
- +-------+--------------------------------------+------------------------------------+-------------------------------------------------+
- | Name  | UUID                                 | Transport URL                      | Database Connection                             |
- +-------+--------------------------------------+------------------------------------+-------------------------------------------------+
- | cell0 | 00000000-0000-0000-0000-000000000000 | none:/                             | mysql+pymysql://nova:****@controller/nova_cell0 |
- | cell1 | aee6767f-b31a-4caf-9744-a64e572fa533 | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova       |
- +-------+--------------------------------------+------------------------------------+-------------------------------------------------+
(8) Start the services and enable them at boot
- [root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- [root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- [root@controller ~]# openstack compute service list
- +----+------------------+------------+----------+---------+-------+----------------------------+
- | ID | Binary | Host | Zone | Status | State | Updated At |
- +----+------------------+------------+----------+---------+-------+----------------------------+
- | 1 | nova-conductor | controller | internal | enabled | up | 2020-03-17T15:15:17.000000 |
- | 2 | nova-consoleauth | controller | internal | enabled | up | 2020-03-17T15:15:17.000000 |
- | 3 | nova-scheduler | controller | internal | enabled | up | 2020-03-17T15:15:18.000000 |
- +----+------------------+------------+----------+---------+-------+----------------------------+
4.2 Compute node
1) Install the required package and configure it
[root@compute ~]# yum -y install openstack-nova-compute
2) The configuration file can be copied straight from the controller node and then edited
- [root@compute ~]# mv /etc/nova/nova.conf ./nova.conf.bak
- [root@compute ~]# scp root@controller:/etc/nova/nova.conf /etc/nova/nova.conf
- [root@compute ~]# chown root:nova /etc/nova/nova.conf
- [root@compute ~]# vim /etc/nova/nova.conf
- [DEFAULT]
- enabled_apis = osapi_compute,metadata
- [DEFAULT]
- # RABBIT_PASS is a placeholder for the RabbitMQ password of the openstack user
- transport_url = rabbit://openstack:RABBIT_PASS@controller
- [api]
- auth_strategy = keystone
- [keystone_authtoken]
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = nova
- password = openstack
- [DEFAULT]
- my_ip = 192.168.1.85
- [DEFAULT]
- use_neutron = True
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
- [vnc]
- enabled = True
- vncserver_listen = 0.0.0.0
- vncserver_proxyclient_address = 192.168.1.85
- novncproxy_base_url = http://192.168.1.83:6080/vnc_auto.html
- [glance]
- api_servers = http://controller:9292
- [oslo_concurrency]
- lock_path = /var/lib/nova/tmp
- [placement]
- os_region_name = RegionOne
- project_domain_name = Default
- project_name = service
- auth_type = password
- user_domain_name = Default
- auth_url = http://controller:35357/v3
- username = placement
- password = openstack
- [root@compute ~]# egrep -v "^#|^$" /etc/nova/nova.conf
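The check below is an added example, not code from the original post or from the Nova project: it parses a nova.conf written the way this guide writes it (repeated [DEFAULT] headers) and flags cleartext http:// endpoints, one password shared across services, VNC bound to 0.0.0.0, and database credentials left on a compute node after copying the controller's file, which undoes the nova-conductor separation described in section 2. The sample config is constructed, RABBIT_PASS is a placeholder, and the function names are hypothetical.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: a compute-node nova.conf copied from the controller and
# only partly trimmed. RABBIT_PASS is a placeholder, not a value from the page.
SAMPLE_COMPUTE_CONF = """\
[DEFAULT]
enabled_apis = osapi_compute,metadata
[database]
connection = mysql+pymysql://nova:openstack@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
[placement]
auth_url = http://controller:35357/v3
username = placement
password = openstack
"""

def load(text):
    # strict=False merges the repeated [DEFAULT] headers; a dummy
    # default_section stops [DEFAULT] values leaking into every section;
    # interpolation=None keeps '%' in passwords literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(text, role):
    """Return (section, option, issue) tuples; role is 'controller' or 'compute'."""
    findings, secrets = [], {}
    cp = load(text)
    for sec in cp.sections():
        for key, val in cp.items(sec):
            url = urlsplit(val) if "://" in val else None
            if url and url.scheme == "http":
                findings.append((sec, key, "cleartext HTTP endpoint"))
            if url and url.password:
                secrets.setdefault(url.password, []).append(f"{sec}.{key}")
                if role == "compute" and sec in ("database", "api_database"):
                    findings.append((sec, key, "DB credentials on compute node"))
            if key == "password":
                secrets.setdefault(val, []).append(f"{sec}.{key}")
            if key == "vncserver_listen" and val == "0.0.0.0":
                findings.append((sec, key, "VNC listens on all interfaces"))
    for where in secrets.values():
        if len(where) > 1:  # one secret shared by several services
            findings.append(("*", ", ".join(where), "secret reused"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_COMPUTE_CONF, "compute"):
        print(finding)
```
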
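3) Check whether your compute node supports hardware acceleration for virtual machines. If the command returns 0, the compute node does not support hardware acceleration and libvirt must be configured to use QEMU instead of KVM; if it returns a non-zero value, acceleration is supported and virt_type is set to kvm.
- [root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
- [root@compute ~]# vim /etc/nova/nova.conf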
- [libvirt]
- virt_type = qemu
- [root@compute ~]# egrep -v "^#|^$" /etc/nova/nova.conf
4) Start the services and enable them at boot
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service && systemctl start libvirtd.service openstack-nova-compute.service
5) Add the compute node to the cell database (run on the controller node)
- [root@controller ~]# source admin_openrc
- [root@controller ~]# openstack compute service list --service nova-compute
- +----+--------------+---------+------+---------+-------+----------------------------+
- | ID | Binary | Host | Zone | Status | State | Updated At |
- +----+--------------+---------+------+---------+-------+----------------------------+
- | 6 | nova-compute | compute | nova | enabled | up | 2020-03-17T15:34:33.000000 |
- +----+--------------+---------+------+---------+-------+----------------------------+
- [root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
- Found 2 cell mappings.
- Skipping cell0 since it does not contain hosts.
- Getting computes from cell 'cell1': aee6767f-b31a-4caf-9744-a64e572fa533
- Checking host mapping for compute host 'compute': bc450889-b974-4381-a6e2-c863db40ac43
- Creating host mapping for compute host 'compute': bc450889-b974-4381-a6e2-c863db40ac43
- Found 1 unmapped computes in cell: aee6767f-b31a-4caf-9744-a64e572fa533
- When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register those new compute nodes. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:
- [scheduler]
- discover_hosts_in_cells_interval = 300
4.3 Verification
# Run on the controller node
1) View the compute service information
- [root@controller ~]# source admin_openrc
- [root@controller ~]# openstack compute service list
- +----+------------------+------------+----------+---------+-------+----------------------------+
- | ID | Binary | Host | Zone | Status | State | Updated At |
- +----+------------------+------------+----------+---------+-------+----------------------------+
- | 1 | nova-conductor | controller | internal | enabled | up | 2020-03-17T15:37:27.000000 |
- | 2 | nova-consoleauth | controller | internal | enabled | up | 2020-03-17T15:37:27.000000 |
- | 3 | nova-scheduler | controller | internal | enabled | up | 2020-03-17T15:37:28.000000 |
- | 6 | nova-compute | compute | nova | enabled | up | 2020-03-17T15:37:23.000000 |
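- +----+------------------+------------+----------+---------+-------+----------------------------+
- # List the service catalog held by the Identity service
- [root@controller ~]# openstack catalog list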
- +-----------+-----------+-----------------------------------------+
- | Name | Type | Endpoints |
- +-----------+-----------+-----------------------------------------+
- | keystone | identity | RegionOne |
- | | | admin: http://controller:35357/v3/ |
- | | | RegionOne |
- | | | internal: http://controller:5000/v3/ |
- | | | RegionOne |
- | | | public: http://controller:5000/v3/ |
- | | | |
- | nova | compute | RegionOne |
- | | | public: http://controller:8774/v2.1 |
- | | | RegionOne |
- | | | internal: http://controller:8774/v2.1 |
- | | | RegionOne |
- | | | admin: http://controller:8774/v2.1 |
- | | | |
- | placement | placement | RegionOne |
- | | | public: http://controller:8778 |
- | | | RegionOne |
- | | | internal: http://controller:8778 |
- | | | RegionOne |
- | | | admin: http://controller:8778 |
- | | | |
- | glance | image | RegionOne |
- | | | internal: http://controller:9292 |
- | | | RegionOne |
- | | | public: http://controller:9292 |
- | | | RegionOne |
- | | | admin: http://controller:9292 |
- | | | |
- +-----------+-----------+-----------------------------------------+
- # List the images
- [root@controller ~]# openstack image list
- [root@controller ~]# nova-status upgrade check
- Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
- +--------------------------------+
- | Upgrade Check Results |
- +--------------------------------+
- | Check: Cells v2 |
- | Result: Success |
- | Details: None |
- +--------------------------------+
- | Check: Placement API |
- | Result: Success |
- | Details: None |
- +--------------------------------+
- | Check: Resource Providers |
- | Result: Success |
- | Details: None |
- +--------------------------------+
- | Check: Ironic Flavor Migration |
- | Result: Success |
- | Details: None |
- +--------------------------------+
- | Check: API Service Version |
- | Result: Success |
- | Details: None |
- +--------------------------------+
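That concludes this brief introduction to Nova and its hands-on installation; the next chapter covers an introduction to Neutron and its hands-on installation.
Source: http://www.bubuko.com/infodetail-3531119.html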