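Introduction to Nova

Nova is the core service of OpenStack and is responsible for maintaining and managing the compute resources of the cloud environment. OpenStack is the cloud operating system for IaaS, and virtual machine lifecycle management is implemented through Nova.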
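Uses and features:

Instance lifecycle management
Compute resource management
Networking and authentication management
REST-style API
Asynchronous consistent communication
Hypervisor agnostic: supports Xen, XenServer/XCP, KVM, UML, VMware vSphere and Hyper-V

Architecture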
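Components

nova-api

nova-api: implements the RESTful API and is the only way to reach Nova from outside. It receives external requests and forwards them to the other service components through the message queue. It is also compatible with the EC2 API, so EC2 management tools can be used for day-to-day Nova administration.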
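nova-scheduler

nova-scheduler: decides which host (compute node) a virtual machine is created on. Deciding which physical node a virtual machine is scheduled to takes two steps:
Filter: select the hosts on which the virtual machine can be created.
Weigh: allocate according to weight; by default, hosts are ranked by their available resources.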
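The two steps above as a simplified model, added here as an example; it is not Nova's scheduler code. The host inventory, the `Host` fields and the scoring (normalized free RAM plus free disk) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    free_ram_mb: int
    free_disk_gb: int
    free_vcpus: int
    enabled: bool = True

# Constructed inventory; node03 to node05 are hypothetical hosts.
HOSTS = [
    Host("node01", 8192, 100, 4),
    Host("node02", 16384, 80, 8),
    Host("node03", 4096, 40, 2),
    Host("node04", 1024, 500, 2),                   # too little RAM
    Host("node05", 65536, 900, 32, enabled=False),  # service disabled
]

def filter_hosts(hosts, ram_mb, disk_gb, vcpus):
    """Step 1 (filter): keep enabled hosts that can fit the requested flavor."""
    return [h for h in hosts if h.enabled and h.free_ram_mb >= ram_mb
            and h.free_disk_gb >= disk_gb and h.free_vcpus >= vcpus]

def normalize(values):
    """Scale values to 0..1 so RAM and disk become comparable."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]

def weigh_hosts(hosts):
    """Step 2 (weigh): rank by free RAM plus free disk, most free first."""
    if not hosts:
        return []
    ram = normalize([h.free_ram_mb for h in hosts])
    disk = normalize([h.free_disk_gb for h in hosts])
    scored = zip((r + d for r, d in zip(ram, disk)), hosts)
    return [h for _, h in sorted(scored, key=lambda s: (-s[0], s[1].name))]

def schedule(hosts, ram_mb, disk_gb, vcpus):
    """Return the chosen host name, or None when no host passes the filter."""
    ranked = weigh_hosts(filter_hosts(hosts, ram_mb, disk_gb, vcpus))
    return ranked[0].name if ranked else None

if __name__ == "__main__":
    print(schedule(HOSTS, ram_mb=2048, disk_gb=20, vcpus=2))
```

A disabled host never reaches the weighing step, however much free capacity it reports.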
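nova-compute

nova-compute: responsible for virtual machine lifecycle management; a worker daemon that creates and terminates virtual machine instances through the hypervisor API.

nova-conductor

nova-conductor: the middleware through which compute nodes access data, sitting between the nova-compute service and the database. It eliminates direct access to the cloud database.

nova-api-metadata

nova-api-metadata: accepts metadata requests from instances. The nova-api-metadata service is generally used when running in multi-host mode with nova-network installations.

nova-placement-api

nova-placement-api: tracks the inventory and usage of each compute provider.

nova-consoleauth

nova-consoleauth: authorizes console access by validating the user tokens that console proxies provide. This service must be running for console proxies to work. Proxies of any type can run against a single nova-consoleauth service in a cluster configuration.

Queue

Queue: the central hub for passing messages between daemons. RabbitMQ is the usual choice, but another AMQP-based message queue such as ZeroMQ can also be used.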
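Workflow

The dashboard or command line obtains authentication information from keystone through the RESTful API.
Keystone checks the credentials in the user's request and, if they are correct, generates a token and returns it in response to the authentication request.
The dashboard or command line sends a create-VM request (carrying the token) to nova-api through the RESTful API.
After accepting the request, nova-api sends an authentication request to keystone to check whether the token belongs to a valid user.
Keystone verifies whether the token is valid; if it is, it returns the valid authentication and the corresponding roles (note: some operations require role permissions).
After authentication passes, nova-api checks that the VM creation parameters are valid and legal, then communicates with the database.
Once all parameters are valid, the database record for the new VM is initialized.
nova-api uses rpc.call to ask nova-scheduler whether resources (a Host ID) are available to create the VM.
The nova-scheduler process listens on the message queue and picks up the request from nova-api.
nova-scheduler queries the nova database for the state of the compute resources and uses the scheduling algorithm to work out which hosts meet the VM's requirements.
For a host that meets the requirements, nova-scheduler updates the VM's physical host information in the database.
nova-scheduler sends the create-VM request message to nova-compute via rpc.cast.
nova-compute picks up the create-VM request message from its message queue.
nova-compute uses rpc.call to request the VM information from nova-conductor.
nova-conductor picks up the nova-compute request message from the message queue.
nova-conductor looks up the VM's information based on the message.
nova-conductor obtains the VM's information from the database.
nova-conductor sends the VM information to the message queue as a message.
nova-compute picks up the VM information message from its message queue.
nova-compute obtains an authentication token through keystone's RESTful API and sends an HTTP request to glance-api for the image needed to create the VM.
glance-api asks keystone to verify that the token is valid, and the verification result is returned.
Once the token is verified, nova-compute obtains the VM image information (URL).
nova-compute obtains an authentication token through keystone's RESTful API and sends an HTTP request to neutron-server for the network information needed to create the VM.
neutron-server asks keystone to verify that the token is valid, and the verification result is returned.
Once the token is verified, nova-compute obtains the VM network information.
nova-compute obtains an authentication token through keystone's RESTful API and sends an HTTP request to cinder-api for the persistent storage information needed to create the VM.
cinder-api asks keystone to verify that the token is valid, and the verification result is returned.
Once the token is verified, nova-compute obtains the VM persistent storage information.
nova-compute calls the configured virtualization driver to create the VM based on the instance information.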
Installing and deploying Nova

Installing Nova on the controller node

Create the databases and grant privileges

```sql
# Create the databases
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;

# Create the user and grant privileges
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
```
Create the nova user and role

```bash
# Create the user nova non-interactively, with password nova
openstack user create --domain default --password nova nova
# Create the user interactively
# openstack user create --domain default --password-prompt nova

# Grant the admin role
openstack role add --project service --user nova admin

# Verify
[root@master01 ~]# openstack user list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| d8cd16895f8d4421975a3e22396af49a | admin     |
| d5935c2448ff4adb91758635718ea7a8 | glance    |
| 45dc96ccfbde4da0b042c715781dbf06 | placement |
| a39969441ac94974ae36fb738fb3ea78 | nova      |
+----------------------------------+-----------+

[root@master01.boysec.cn ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| 9ccb729edfb945f4bc4ea5b4abcb305c | 45dc96ccfbde4da0b042c715781dbf06 |       | e605a87cc5c34ae0869226db49b48162 |        |        | False     |
| 9ccb729edfb945f4bc4ea5b4abcb305c | a39969441ac94974ae36fb738fb3ea78 |       | e605a87cc5c34ae0869226db49b48162 |        |        | False     |
| 9ccb729edfb945f4bc4ea5b4abcb305c | d5935c2448ff4adb91758635718ea7a8 |       | e605a87cc5c34ae0869226db49b48162 |        |        | False     |
| 9ccb729edfb945f4bc4ea5b4abcb305c | d8cd16895f8d4421975a3e22396af49a |       | e40a3e215adc41fa89b7c6ddf9443dc3 |        |        | False     |
| 9ccb729edfb945f4bc4ea5b4abcb305c | d8cd16895f8d4421975a3e22396af49a |       |                                  |        | all    | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
```
Create the nova service (API endpoints)

```bash
openstack service create --name nova \
  --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne \
  compute public http://master01.boysec.cn:8774/v2.1

openstack endpoint create --region RegionOne \
  compute internal http://master01.boysec.cn:8774/v2.1

openstack endpoint create --region RegionOne \
  compute admin http://master01.boysec.cn:8774/v2.1

# Check
openstack service list
openstack endpoint list
```
Install nova

```bash
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-novncproxy openstack-nova-scheduler -y

# openstack-nova-conductor handles database access
# openstack-nova-novncproxy handles connections to cloud instances
# openstack-nova-scheduler handles scheduling
```
Configure nova

```bash
[root@master01 ~]# cp /etc/nova/nova.conf{,.bak}
[root@master01 ~]# grep -Ev "^$|#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@master01 ~]# cat /etc/nova/nova.conf
[DEFAULT]
my_ip = 10.1.1.100
# Enable the neutron service and disable nova's built-in firewall
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# Enable the compute API; metadata defines the API for virtual machines
enabled_apis = osapi_compute,metadata
# Connection to the RabbitMQ message queue
transport_url = rabbit://openstack:openstack@master01.boysec.cn:5672/

[api]
auth_strategy = keystone

# Database connection for nova_api
[api_database]
connection = mysql+pymysql://nova:123456@master01.boysec.cn/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]

# Database connection for nova
[database]
connection = mysql+pymysql://nova:123456@master01.boysec.cn/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://master01.boysec.cn:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://master01.boysec.cn:5000/
auth_url = http://master01.boysec.cn:5000/
memcached_servers = master01.boysec.cn:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master01.boysec.cn:5000/v3
username = placement
password = placement
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
# VNC connection settings
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
```
Sync the databases

```bash
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

# Check
[root@master01.boysec.cn ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+--------------------------------------------------+---------------------------------------------------------+----------+
| Name  | UUID                                 | Transport URL                                    | Database Connection                                     | Disabled |
+-------+--------------------------------------+--------------------------------------------------+---------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/                                           | mysql+pymysql://nova:****@master01.boysec.cn/nova_cell0 | False    |
| cell1 | d9de97cb-10e5-4d25-97e9-85e4ecd46f12 | rabbit://openstack:****@master01.boysec.cn:5672/ | mysql+pymysql://nova:****@master01.boysec.cn/nova       | False    |
+-------+--------------------------------------+--------------------------------------------------+---------------------------------------------------------+----------+
[root@master01.boysec.cn ~]# nova-manage cell_v2 list_cells
```
Start the services

```bash
systemctl enable \
  openstack-nova-api.service \
  openstack-nova-scheduler.service \
  openstack-nova-conductor.service \
  openstack-nova-novncproxy.service
systemctl start \
  openstack-nova-api.service \
  openstack-nova-scheduler.service \
  openstack-nova-conductor.service \
  openstack-nova-novncproxy.service
```
Verify

```bash
[root@master01.boysec.cn ~]# openstack compute service list
+----+----------------+--------------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host               | Zone     | Status  | State | Updated At                 |
+----+----------------+--------------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor | master01.boysec.cn | internal | enabled | up    | 2021-12-26T03:55:16.000000 |
|  2 | nova-scheduler | master01.boysec.cn | internal | enabled | up    | 2021-12-26T03:55:07.000000 |
+----+----------------+--------------------+----------+---------+-------+----------------------------+

Verification steps
1. List the service components to verify that each process started and registered successfully
# openstack compute service list

2. List the API endpoints in the Identity service to verify connectivity with the Identity service
# openstack catalog list

3. Check that the cells and the placement API are working
[root@master01 ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results          |
+--------------------------------+
| Check: Cells v2                |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Placement API           |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Cinder API              |
| Result: Success                |
| Details: None                  |
+--------------------------------+
```
Installing Nova on the compute nodes

Install

```bash
yum install openstack-nova-compute -y
```
Configure nova

```bash
cp /etc/nova/nova.conf{,.bak}
grep -Ev "^$|#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@master01.boysec.cn
my_ip = 10.1.1.120
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://master01.boysec.cn:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://master01.boysec.cn:5000/
auth_url = http://master01.boysec.cn:5000/
memcached_servers = master01.boysec.cn:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master01.boysec.cn:5000/v3
username = placement
password = placement
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
discover_hosts_in_cells_interval = 300
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://master01.boysec.cn:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
```
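An added check, not part of the original walkthrough or of Nova, that reads a nova.conf and lists settings to review before the deployment leaves a lab: weak or username-equal passwords, credentials embedded in URLs, cleartext HTTP endpoints and a VNC listener bound to all interfaces. The sample is constructed from options in the two nova.conf listings above; the `WEAK` list and the function names are assumptions of this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: options copied from the two nova.conf listings above.
SAMPLE_CONF = """
[DEFAULT]
transport_url = rabbit://openstack:openstack@master01.boysec.cn
[database]
connection = mysql+pymysql://nova:123456@master01.boysec.cn/nova
[keystone_authtoken]
auth_url = http://master01.boysec.cn:5000/
username = nova
password = nova
[placement]
auth_url = http://master01.boysec.cn:5000/v3
username = placement
password = placement
[vnc]
server_listen = 0.0.0.0
novncproxy_base_url = http://master01.boysec.cn:6080/vnc_auto.html
"""

# Illustrative deny-list (an assumption of this example); extend it locally.
WEAK = {"123456", "password", "admin", "openstack"}

def is_weak(password, username):
    return password in WEAK or password == username

def audit_nova_conf(text):
    """Return sorted (section, option, issue) tuples; [DEFAULT] is read as a plain section."""
    cp = configparser.RawConfigParser(strict=False, default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))
        for key, value in opts.items():
            url = urlsplit(value) if "://" in value else None
            if url and url.password and is_weak(url.password, url.username):
                findings.append((section, key, "weak password embedded in URL"))
            if url and url.scheme == "http":
                findings.append((section, key, "cleartext HTTP endpoint"))
        if "password" in opts and is_weak(opts["password"], opts.get("username")):
            findings.append((section, "password", "weak or username-equal password"))
        if section == "vnc" and opts.get("server_listen") in ("0.0.0.0", "::"):
            findings.append((section, "server_listen", "VNC listens on all interfaces"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_nova_conf(SAMPLE_CONF):
        print(*finding, sep=" | ")
```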
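Start nova

```bash
# Check whether the CPU supports hardware virtualization
egrep -c '(vmx|svm)' /proc/cpuinfo
# Enable and start
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
```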
Verify from the controller node

```bash
[root@master01.boysec.cn ~]# openstack compute service list
+----+----------------+--------------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host               | Zone     | Status  | State | Updated At                 |
+----+----------------+--------------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor | master01.boysec.cn | internal | enabled | up    | 2021-12-26T05:57:52.000000 |
|  2 | nova-scheduler | master01.boysec.cn | internal | enabled | up    | 2021-12-26T05:57:52.000000 |
|  5 | nova-compute   | node01.boysec.cn   | nova     | enabled | up    | 2021-12-26T05:57:57.000000 |
|  6 | nova-compute   | node02.boysec.cn   | nova     | enabled | up    | 2021-12-26T05:57:59.000000 |
+----+----------------+--------------------+----------+---------+-------+----------------------------+

# Discover new hosts or update existing ones
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

# Configure periodic host discovery on the controller node
vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
```