OpenStack-Placement、nova元件部署
一、建立資料庫執行個體和資料庫使用者
[[email protected] ~]# mysql -uroot -p
-- Create the Placement database and a dedicated 'placement' account for it.
-- PLACEMENT_DBPASS looks like a placeholder; substitute a long, unique secret
-- before running these statements.
MariaDB [(none)]> CREATE DATABASE placement;
-- Local access for services running on the database host itself.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
-- '%' matches every client host, so the account is usable from anywhere that can
-- reach the MariaDB port. NOTE(review): consider naming the controller host or
-- management subnet instead, and confirm MariaDB listens only on the management
-- interface.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
二、建立Placement服務使用者和API的endpoint
# Create the 'placement' service user in the default domain.
# NOTE(review): --password puts the secret on the command line, where it can end
# up in shell history and the process list; `openstack user create` also accepts
# --password-prompt. PLACEMENT_PASS looks like a placeholder to be replaced.
[[email protected] ~]# openstack user create --domain default --password PLACEMENT_PASS placement
//授予placement使用者在service項目中的admin角色
[[email protected] ~]# openstack role add --project service --user placement admin
//建立一個placement服務,服務類型為placement
[[email protected] ~]# openstack service create --name placement --description "Placement API" placement
//將API端點(endpoint)註冊到placement服務中;註冊資訊會寫入MySQL
# Register the public, internal and admin endpoints of the Placement API.
# All three are plain http:// URLs, so Keystone tokens sent to the API travel
# unencrypted. NOTE(review): acceptable for a lab; elsewhere put TLS in front of
# the API and register https:// URLs instead.
[[email protected] ~]# openstack endpoint create --region RegionOne placement public http://ct:8778
[[email protected] ~]# openstack endpoint create --region RegionOne placement internal http://ct:8778
[[email protected]~]# openstack endpoint create --region RegionOne placement admin http://ct:8778
安裝placement服務
[[email protected] ~]# yum -y install openstack-placement-api
//修改placement配置檔案
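# Keep a pristine copy of the packaged config before rewriting it.
cp /etc/placement/placement.conf /etc/placement/placement.conf.bak
# Strip blank lines and full-line comments only. The earlier pattern ('^$|#')
# removed every line containing '#' anywhere, which would also silently drop a
# live setting whose value happens to contain '#'.
grep -Ev '^[[:space:]]*(#|$)' /etc/placement/placement.conf.bak > /etc/placement/placement.conf
# NOTE(review): the file holds credentials from here on; confirm afterwards that
# it is not world-readable (ls -l /etc/placement/placement.conf).

# Database URL. The value on the page was mangled by e-mail obfuscation
# ("[email protected]"); it is rebuilt here from the PLACEMENT_DBPASS grant and
# the "ct" host name used elsewhere on the page -- confirm for your environment.
openstack-config --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement

# Authenticate API requests through Keystone.
openstack-config --set /etc/placement/placement.conf api auth_strategy keystone
# NOTE(review): auth_url is plain http://, so the service password and tokens
# cross the network unencrypted; fine for a lab, use TLS elsewhere.
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_url http://ct:5000/v3
# NOTE(review): memcached has no authentication by default; keep port 11211
# reachable only from the controller / management network.
openstack-config --set /etc/placement/placement.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_type password
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_name service
openstack-config --set /etc/placement/placement.conf keystone_authtoken username placement
# Must match the password given to the 'placement' Keystone user. Passing it as
# an argument leaves it in shell history; clear or avoid history for this step.
openstack-config --set /etc/placement/placement.conf keystone_authtoken password PLACEMENT_PASS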
//檢視配置檔案
[[email protected] placement]# cat placement.conf
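# /etc/placement/placement.conf after the openstack-config edits.
# Notes are kept on their own lines: the oslo.config parser does not treat
# trailing "#..." text as a comment, so an inline note would become part of
# the value.
[DEFAULT]
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
# Keystone address.
# NOTE(review): plain http:// exposes the service password and tokens on the
# wire; acceptable for a lab, use TLS elsewhere.
auth_url = http://ct:5000/v3
# Session information is cached in memcached.
# NOTE(review): memcached is unauthenticated by default; restrict port 11211
# to the controller / management network.
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
# Placeholder for the 'placement' Keystone user's password; the file must not
# be world-readable once a real secret is stored here.
password = PLACEMENT_PASS
[oslo_policy]
[placement]
[placement_database]
# The value on the page was mangled by e-mail obfuscation ("[email protected]");
# rebuilt from the PLACEMENT_DBPASS grant and the "ct" host used elsewhere on
# the page -- confirm for your environment.
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
[profiler]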
//導入資料庫
su -s /bin/sh -c "placement-manage db sync" placement
//修改Apache配置檔案:00-placement-api.conf(安裝完placement服務後會自動建立該檔案,即虛擬主機配置)
#虛拟主機配置檔案
[[email protected] conf.d]# cat 00-placement-api.conf #安裝完placement會自動建立此檔案
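# 00-placement-api.conf -- virtual host for the Placement API; the file is
# created automatically when the placement package is installed.
# Apache does not accept a comment on the same line as a directive, so every
# note here sits on a line of its own.
Listen 8778

<VirtualHost *:8778>
  WSGIProcessGroup placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  WSGIDaemonProcess placement-api processes=3 threads=1 user=placement group=placement
  WSGIScriptAlias / /usr/bin/placement-api
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  ErrorLog /var/log/placement/placement-api.log
  # TLS is left disabled, so the API and the Keystone tokens sent to it are
  # served over plain HTTP. NOTE(review): enable these outside a lab.
  #SSLEngine On
  #SSLCertificateFile ...
  #SSLCertificateKeyFile ...
</VirtualHost>

Alias /placement-api /usr/bin/placement-api
<Location /placement-api>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>

# Packaging gap: without an explicit grant Apache answers 403 when the
# Placement API is requested. Append this section at the end of the file.
# The grant is scoped to the placement-api script instead of all of /usr/bin,
# so no other file in that directory is opened up by this rule.
<Directory /usr/bin>
  <Files "placement-api">
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
    # Older Apache releases use the Order/Allow syntax for the same grant.
    <IfVersion < 2.4>
      Order allow,deny
      Allow from all
    </IfVersion>
  </Files>
</Directory>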
//重新啟動apache
[[email protected] placement]# systemctl restart httpd
測試
//curl 測試通路
[[email protected] placement]# curl ct:8778
{"versions": [{"status": "CURRENT", "min_version": "1.0", "max_version": "1.36", "id": "v1.0", "links": [{"href": "", "rel": "self"}]}]}
//檢視端口占用(netstat、lsof)
[[email protected] placement]# netstat -natp | grep 8778
//檢查placement狀态
[[email protected] placement]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
三、計算節點Nova服務配置
- 建立nova資料庫,并執行授權操作
[[email protected] ~]# mysql -uroot -p
-- Create the three Nova databases and grant the 'nova' account access to each.
-- NOVA_DBPASS looks like a placeholder; substitute a long, unique secret.
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
-- Each database gets a 'localhost' grant and a '%' grant. '%' matches every
-- client host. NOTE(review): consider naming the controller host or management
-- subnet instead, and confirm MariaDB listens only on the management interface.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
- 管理Nova使用者及服務
//建立nova使用者
# Create the 'nova' service user in the default domain.
# NOTE(review): --password exposes the secret in shell history and the process
# list; --password-prompt avoids that. NOVA_PASS looks like a placeholder.
[[email protected] ~]# openstack user create --domain default --password NOVA_PASS nova
//把nova使用者添加到service項目,擁有admin權限
[[email protected] ~]# openstack role add --project service --user nova admin
//建立nova服務
[[email protected] ~]# openstack service create --name nova --description "OpenStack Compute" compute
//給Nova服務關聯endpoint(端點)
# Register the public, internal and admin endpoints of the Compute API.
# NOTE(review): all three are plain http:// URLs, so API tokens travel
# unencrypted; outside a lab, terminate TLS and register https:// URLs.
[[email protected] ~]# openstack endpoint create --region RegionOne compute public http://ct:8774/v2.1
[[email protected] ~]# openstack endpoint create --region RegionOne compute internal http://ct:8774/v2.1
[[email protected] ~]# openstack endpoint create --region RegionOne compute admin http://ct:8774/v2.1
//安裝nova元件(nova-api、nova-conductor、nova-novncproxy、nova-scheduler)
[[email protected] ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
//修改nova配置檔案(nova.conf)
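# Keep a pristine copy of the packaged nova.conf (brace expansion: nova.conf -> nova.conf.bak).
cp -a /etc/nova/nova.conf{,.bak}
# Strip blank lines and full-line comments only. The earlier pattern ('^$|#')
# removed every line containing '#' anywhere, which would also silently drop a
# live setting whose value happens to contain '#'.
grep -Ev '^[[:space:]]*(#|$)' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
# NOTE(review): nova.conf holds several credentials from here on; confirm it is
# not world-readable, and keep these commands out of shared shell history.

# Edit nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
# Change to the IP of ct (internal IP).
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.11
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
# No-op driver: nova does no packet filtering of its own. With use_neutron
# enabled, security groups are expected to be enforced by neutron -- verify.
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# The credential/host part of the next four URLs was mangled on the page by
# e-mail obfuscation ("[email protected]"). The database URLs are rebuilt from the
# NOVA_DBPASS / PLACEMENT_DBPASS grants and the "ct" host used elsewhere on the
# page; RABBIT_PASS is a placeholder for the RabbitMQ password of the
# 'openstack' user, which the page does not show. Confirm all of them.
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@ct/nova
# NOTE(review): with Placement running as its own service, nova presumably does
# not need the Placement database credentials; confirm for your release and drop
# this line if unused, so the secret is not copied into a second file.
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
# NOTE(review): plain http:// exposes the service password and tokens on the wire.
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
# NOTE(review): memcached is unauthenticated by default; restrict port 11211.
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
# Single quotes stop the shell from expanding $my_ip, so the literal reference
# is written to the file and resolved against [DEFAULT] my_ip when nova reads it.
openstack-config --set /etc/nova/nova.conf vnc server_listen ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
# Credentials nova uses when it calls the Placement API.
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS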
#檢視nova.conf
cat /etc/nova/nova.conf
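# /etc/nova/nova.conf on the controller (ct) after the openstack-config edits.
# Notes are kept on their own lines: the oslo.config parser does not treat
# trailing "#..." text as a comment, so a note after a value becomes part of
# the value and a note after a [section] header breaks the header.
[DEFAULT]
# API types to enable.
enabled_apis = osapi_compute,metadata
# Local IP of this node.
my_ip = 192.168.100.11
# Obtain IP addresses through neutron.
use_neutron = true
# No-op driver: nova does no packet filtering of its own. With use_neutron
# enabled, security groups are expected to be enforced by neutron -- verify.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# RabbitMQ to connect to. The value on the page was mangled by e-mail
# obfuscation ("[email protected]"); RABBIT_PASS is a placeholder for the
# 'openstack' RabbitMQ user's password and "ct" is the host name used elsewhere
# on the page -- confirm both.
transport_url = rabbit://openstack:RABBIT_PASS@ct
[api]
# Use keystone authentication.
auth_strategy = keystone
[api_database]
# Rebuilt from the NOVA_DBPASS grant (page value was mangled) -- confirm.
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
# Rebuilt from the NOVA_DBPASS grant (page value was mangled) -- confirm.
connection = mysql+pymysql://nova:NOVA_DBPASS@ct/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
# Keystone authentication settings.
[keystone_authtoken]
# URL to authenticate against.
# NOTE(review): plain http:// exposes the service password and tokens on the
# wire; acceptable for a lab, use TLS elsewhere.
auth_url = http://ct:5000/v3
# memcached address:port.
# NOTE(review): memcached is unauthenticated by default; restrict port 11211
# to the controller / management network.
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
# Placeholder for the 'nova' Keystone user's password; the file must not be
# world-readable once real secrets are stored here.
password = NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
# Lock path.
[oslo_concurrency]
# The lock serialises steps during instance creation: an operation has to
# finish before the next one starts, so the steps never run in parallel.
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
# If this section is misconfigured, the instance console cannot be reached.
[vnc]
enabled = true
# Listen address for VNC.
server_listen = $my_ip
# The server's proxy-client address is this host's address, i.e. the
# management-network address.
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
# Rebuilt from the PLACEMENT_DBPASS grant (page value was mangled) -- confirm.
# NOTE(review): with Placement running as its own service, nova presumably does
# not need these credentials; confirm for your release and remove the section
# if unused, so the secret is not kept in a second file.
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@ct/placement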
- 初始化資料庫
初始化nova_api資料庫
[[email protected] ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
注冊cell0資料庫;nova服務内部把資源劃分到不同的cell中,把計算節點劃分到不同的cell中;openstack内部基于cell把計算節點進行邏輯上的分組
[[email protected] ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#建立cell1單元格;
[[email protected] ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
#初始化nova資料庫;可以通過 /var/log/nova/nova-manage.log 日志判斷是否初始化成功
[[email protected] ~]# su -s /bin/sh -c "nova-manage db sync" nova
#可使用以下指令驗證cell0和cell1是否注冊成功
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova #驗證cell0和cell1元件是否注冊成功
- 啟動Nova服務
[[email protected] ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[[email protected] ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- 檢查nova服務端口
[[email protected] ~]# netstat -tnlup|egrep '8774|8775'
[[email protected] ~]# curl http://ct:8774
四、計算節點配置Nova服務-c1節點
安裝nova-compute元件
yum -y install openstack-nova-compute
修改配置檔案
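# Edit the compute node's nova.conf (c1 and c2 differ only in their IP).
# Keep a pristine copy of the packaged file first.
cp -a /etc/nova/nova.conf{,.bak}
# Strip blank lines and full-line comments only. The earlier pattern ('^$|#')
# removed every line containing '#' anywhere, which would also silently drop a
# live setting whose value happens to contain '#'.
grep -Ev '^[[:space:]]*(#|$)' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
# NOTE(review): nova.conf holds credentials from here on; confirm it is not
# world-readable, and keep these commands out of shared shell history.
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
# The value on the page was mangled by e-mail obfuscation ("[email protected]").
# RABBIT_PASS is a placeholder for the 'openstack' RabbitMQ user's password and
# "ct" is the controller host name used elsewhere on the page -- confirm both.
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
# Change to the internal IP of the node being configured.
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.12
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
# No-op driver: nova does no packet filtering of its own. With use_neutron
# enabled, security groups are expected to be enforced by neutron -- verify.
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
# NOTE(review): plain http:// exposes the service password and tokens on the wire.
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://ct:5000/v3
# NOTE(review): memcached is unauthenticated by default; restrict port 11211.
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled true
# 0.0.0.0 makes the instances' VNC servers listen on every interface of the
# compute node. NOTE(review): VNC is not authenticated or encrypted by default;
# allow those ports only from the controller's console proxy with a host
# firewall, or bind to the management address instead.
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
# Single quotes stop the shell from expanding $my_ip, so the literal reference
# is written to the file and resolved against [DEFAULT] my_ip when nova reads it.
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
# Console URL handed to users' browsers; it points at the controller.
# NOTE(review): over plain http:// the console session is exposed in transit;
# front the proxy with TLS outside a lab.
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.100.11:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://ct:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
# Credentials nova-compute uses when it calls the Placement API.
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://ct:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
# Plain QEMU emulation rather than KVM acceleration.
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu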
#配置檔案内容如下:
[[email protected] nova]# cat nova.conf
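# /etc/nova/nova.conf on compute node c1 after the openstack-config edits.
# Notes are kept on their own lines: the oslo.config parser does not treat
# trailing "#..." text as a comment, so an inline note would become part of
# the value.
[DEFAULT]
enabled_apis = osapi_compute,metadata
# The value on the page was mangled by e-mail obfuscation ("[email protected]").
# RABBIT_PASS is a placeholder for the 'openstack' RabbitMQ user's password and
# "ct" is the controller host name used elsewhere on the page -- confirm both.
transport_url = rabbit://openstack:RABBIT_PASS@ct
my_ip = 192.168.100.12
use_neutron = true
# No-op driver: nova does no packet filtering of its own. With use_neutron
# enabled, security groups are expected to be enforced by neutron -- verify.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://ct:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
# NOTE(review): plain http:// exposes the service password and tokens on the
# wire; acceptable for a lab, use TLS elsewhere.
auth_url = http://ct:5000/v3
# NOTE(review): memcached is unauthenticated by default; restrict port 11211
# to the controller / management network.
memcached_servers = ct:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
# Placeholder for the 'nova' Keystone user's password; the file must not be
# world-readable once real secrets are stored here.
password = NOVA_PASS
[libvirt]
# Plain QEMU emulation rather than KVM acceleration.
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ct:5000/v3
username = placement
password = PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
# 0.0.0.0 makes the instances' VNC servers listen on every interface of the
# compute node. NOTE(review): VNC is not authenticated or encrypted by default;
# allow those ports only from the controller's console proxy with a host
# firewall, or bind to the management address instead.
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
# Special case: the IP address has to be filled in by hand, otherwise the
# instances cannot be reached from the web UI console once the deployment is up.
# NOTE(review): over plain http:// the console session is exposed in transit;
# front the proxy with TLS outside a lab.
novncproxy_base_url = http://192.168.100.11:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]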
- 開啟服務
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
【計算節點-c2】與c1相同(除了IP位址)
五、controller節點操作
檢視compute節點是否注冊到controller上,通過消息隊列;需要在controller節點執行
[[email protected] ~]# openstack compute service list --service nova-compute
掃描目前openstack中有哪些計算節點可用,發現後會把計算節點建立到cell中,後面就可以在cell中建立虛拟機;相當于openstack内部對計算節點進行分組,把計算節點配置設定到不同的cell中
[[email protected] ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
預設情況下,每新增一個計算節點,都需要在控制節點上手動執行一次掃描,比較麻煩;所以可以修改控制節點上nova的主配置檔案
[[email protected] ~]# vim /etc/nova/nova.conf
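[scheduler]
# Scan for new compute hosts every 300 seconds.
# The note sits on its own line because the oslo.config parser does not treat
# trailing "#..." text as a comment; inline, it would become part of the value.
# This option is read by the scheduler's periodic task, so the
# openstack-nova-scheduler service has to be restarted for it to take effect.
discover_hosts_in_cells_interval = 300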
[[email protected] ~]# systemctl restart openstack-nova-api.service
- 驗證
#檢查 nova 的各個服務是否都是正常,以及 compute 服務是否注冊成功
[[email protected] ~]# openstack compute service list
#檢視各個元件的 api 是否正常
[[email protected] ~]# openstack catalog list
#檢視是否能夠拿到鏡像
[[email protected] ~]# openstack image list
#檢視cell的api和placement的api是否正常,隻要其中一個有誤,後期無法建立虛拟機
[[email protected] ~]# nova-status upgrade check