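Overview
``nova-api`` service
Accepts and responds to end-user Compute API requests.
``nova-api-metadata`` service
Accepts metadata requests from instances. The nova metadata service is generally used when you run nova-network installations in multi-host mode.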
nova-placement-api service
Tracks the inventory and usage of each provider. For details, see Placement API.
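``nova-scheduler`` service
Takes a virtual machine instance request from the queue and determines which compute server host runs it.
``nova-conductor`` module
A bridge between the API and the database.
nova-cert module
A server daemon that serves the Nova Cert service for X509 certificates. Used to generate certificates for ``euca-bundle-image``. Only used for EC2 API requests.
nova-consoleauth module
nova-novncproxy and nova-xvpvncproxy depend on this service.
nova-novncproxy module
Provides a proxy for accessing running instances over the VNC protocol. Supports browser-based noVNC clients.
``nova-spicehtml5proxy`` daemon
Provides a proxy for accessing running instances over the SPICE protocol. Supports browser-based HTML5 clients.
nova-xvpvncproxy daemon
Provides a proxy for accessing running instances over the VNC protocol. Supports an OpenStack-specific Java client.
The queue
SQL database
Stores build-time and run-time state for the cloud infrastructure, including:
1. Create the databases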
$ mysql -u rgalera -p galera -h 192.168.16.10
Create the nova_api, nova, and nova_cell0 databases:
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Grant proper access to the databases:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
Replace NOVA_DBPASS with a suitable password.
Exit the database client.
2. Create the role and user
Source the admin credentials to gain access to admin-only CLI commands:
$ . admin-openrc
Create the nova user:
$ openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8a7dbf5279404537b1c7b86c033620fe |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3. Add the admin role to the nova user in the service project
$ openstack role add --project service --user nova admin
4. Create the nova service entity
$ openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
5. Create the Compute API service endpoints:
$ openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 3c1caa473bfe4390a11e7177894bcc7b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+
$ openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e3c918de680746a586eac1f2d9bc10ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+
$ openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 38f7af91666a47cfb97b4dc790b94424 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+
6. Create a Placement service user using your chosen PLACEMENT_PASS:
$ openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa742015a6494a949f67629884fc7ec8 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
7. Add the Placement user to the service project with the admin role:
$ openstack role add --project service --user placement admin
Note
This command provides no output.
8. Create the Placement API entry in the service catalog:
$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 2d1a27022e6e4185b86adac4444c495f |
| name | placement |
| type | placement |
+-------------+----------------------------------+
9. Create the Placement API service endpoints:
$ openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2b1b2637908b4137a9c2e0470487cbc0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 02bcda9a150a4bd7993ff4879df971ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d71177b9e0f406f98cbff198d74b182 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
1. Install the nova packages
Run this on all controller nodes:
# yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
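2. Edit the configuration file
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[DEFAULT]`` section, enable only the compute and metadata APIs: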
[DEFAULT]
enabled_apis = osapi_compute,metadata
In the ``[api_database]`` and ``[database]`` sections, configure database access:
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller1/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller1/nova
In the ``[DEFAULT]`` section, configure ``RabbitMQ`` message queue access:
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller1
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
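[DEFAULT]
# IP address of the controller node
my_ip = 10.129.0.12
Search for 0.0.0.0 and replace it with this node's physical address:
novncproxy_host=192.168.16.11
osapi_compute_listen=192.168.16.11
metadata_listen=192.168.16.11
In the ``[DEFAULT]`` section, enable support for the Networking service:
[DEFAULT]
# ...
use_neutron = True
# Disable the built-in firewall service
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Note
By default, Compute uses a built-in firewall service. Because the Networking service includes a firewall service, you must disable the Compute built-in firewall service by using the ``nova.virt.firewall.NoopFirewallDriver`` firewall driver.
In the ``[vnc]`` section, configure the VNC proxy to use the management interface IP address of the controller node: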
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
In the [glance] section, configure the location of the Image service API:
[glance]
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
In the [placement] section, configure the Placement API endpoint:
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
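An added example, not part of the original guide: a shell function that audits a controller ``nova.conf`` for the placeholder passwords used above and for the three listener options the guide moves off 0.0.0.0. The function names and the sample file contents are constructed for illustration.

```shell
# Added example, not from the original guide: audit a controller nova.conf.

# Print one finding per line as "section/key: reason"; return 1 if any.
audit_nova_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Placeholder names from this guide; they also hide inside URLs.
            if (val ~ /NOVA_DBPASS|NOVA_PASS|RABBIT_PASS|PLACEMENT_PASS/) {
                print section "/" key ": placeholder password not replaced"; bad = 1
            }
            # Listener options the guide moves off 0.0.0.0 on controllers.
            if (key ~ /^(novncproxy_host|osapi_compute_listen|metadata_listen)$/ &&
                val == "0.0.0.0") {
                print section "/" key ": still listening on 0.0.0.0"; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Write a constructed sample file (hypothetical values) to the path in $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller1
osapi_compute_listen = 0.0.0.0
metadata_listen = 192.168.16.11
[api_database]
connection = mysql+pymysql://nova:constructed-secret@controller1/nova_api
[placement]
# password = PLACEMENT_PASS
password = PLACEMENT_PASS
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_nova_conf "$sample" || echo "nova.conf still needs edits"
rm -f "$sample"
```

Run it against the real file on every controller node before starting the services.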
Due to a packaging bug, you must enable access to the Placement API by adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Restart the httpd service:
# systemctl restart httpd
Copy nova.conf and /etc/httpd/conf.d/00-nova-placement-api.conf to controller2 and controller3:
scp /etc/nova/nova.conf root@controller2:/etc/nova/
scp /etc/nova/nova.conf root@controller3:/etc/nova/
scp /etc/httpd/conf.d/00-nova-placement-api.conf root@controller2:/etc/httpd/conf.d/
scp /etc/httpd/conf.d/00-nova-placement-api.conf root@controller3:/etc/httpd/conf.d/
3. Populate the nova-api database:
# su -s /bin/sh -c "nova-manage api_db sync" nova
Note
Ignore any deprecation messages in this output.
Register the cell0 database:
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell:
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650
Populate the nova database:
# su -s /bin/sh -c "nova-manage db sync" nova
Verify nova cell0 and cell1 are registered correctly:
# nova-manage cell_v2 list_cells
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+
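An added example, not part of the original guide: a shell function that turns the check above into a pass/fail gate by parsing the ``list_cells`` table. The function names are constructed for illustration, and the sample input is the table shown above.

```shell
# Added example, not from the original guide: gate on the list_cells check.
# Reads `nova-manage cell_v2 list_cells` output on stdin; returns 0 only if
# cell0 carries the all-zero UUID and cell1 carries a well-formed UUID.
check_cells() {
    awk -F'|' -v zero=00000000-0000-0000-0000-000000000000 '
        NF < 3 { next }                        # table borders contain no "|"
        {
            name = $2; uuid = $3
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", uuid)
            n = split(uuid, p, "-")
            wellformed = (n == 5 && uuid ~ /^[0-9a-f-]+$/ &&
                length(p[1]) == 8 && length(p[2]) == 4 && length(p[3]) == 4 &&
                length(p[4]) == 4 && length(p[5]) == 12)
            if (name == "cell0" && uuid == zero) cell0 = 1
            if (name == "cell1" && wellformed) cell1 = 1
        }
        END { exit !(cell0 && cell1) }
    '
}

# The table shown above, embedded as sample input.
sample_cells() {
    cat <<'EOF'
+-------+--------------------------------------+
| Name  | UUID                                 |
+-------+--------------------------------------+
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+
EOF
}

if sample_cells | check_cells; then echo "cell0 and cell1 registered"; fi
```

On a controller, pipe the live command into it: ``nova-manage cell_v2 list_cells | check_cells``.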
Finalize installation
4. Start the services and enable them at boot
Run on all controller nodes:
# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service | grep running
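On the compute node, first install the OpenStack Ocata repository package:
# yum install centos-release-openstack-ocata
# yum install python-openstackclient
Install the nova package:
# yum install openstack-nova-compute
Edit the ``/etc/nova/nova.conf`` file and complete the following actions: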
[DEFAULT]
enabled_apis = osapi_compute,metadata
In the ``[DEFAULT]`` section, configure ``RabbitMQ`` message queue access:
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
In the [api] and [keystone_authtoken] sections, configure Identity service access:
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
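Replace ``NOVA_PASS`` with the password you chose for the ``nova`` user in the Identity service.
Note
Comment out or remove any other options in the [keystone_authtoken] section.
In the [DEFAULT] section, configure the my_ip option: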
[DEFAULT]
# ...
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, for example 10.129.0.15 for the first node in the example architecture.
In the ``[DEFAULT]`` section, enable support for the Networking service:
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
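Note
By default, Compute uses a built-in firewall service. Because Networking includes a firewall service, you must disable the Compute built-in firewall service by using nova.virt.firewall.NoopFirewallDriver.
In the ``[vnc]`` section, enable and configure remote console access: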
[vnc]
# ...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.16.10:6080/vnc_auto.html
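The server component listens on all IP addresses, while the proxy component listens only on the management interface IP address of the compute node. The base URL indicates the location where you can use a web browser to access the remote consoles of instances on this compute node.
Note
If the host running your web browser cannot resolve the ``controller`` hostname, you can replace ``controller`` with the management network IP address of your controller node.
In the [glance] section, configure the location of the Image service API: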
[glance]
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
In the [placement] section, configure the Placement API:
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
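Finalize installation
Hardware acceleration
Determine whether your compute node supports hardware acceleration for virtual machines:
$ egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of one or greater, your compute node supports hardware acceleration and requires no additional configuration.
If this command returns a value of zero, your compute node does not support hardware acceleration. You must configure libvirt to use QEMU instead of KVM.
Edit the [libvirt] section in the /etc/nova/nova.conf file as follows: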
[libvirt]
# ...
virt_type = qemu
Start the Compute service and its dependencies, and configure them to start automatically when the system boots:
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
On the controller node:
$ . admin-openrc
$ openstack hypervisor list
+----+---------------------+-----------------+-----------+-------+
| ID | Hypervisor Hostname | Hypervisor Type | Host IP | State |
+----+---------------------+-----------------+-----------+-------+
| 1 | compute1 | QEMU | 10.129.0.31 | up |
+----+---------------------+-----------------+-----------+-------+
Discover compute hosts:
# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': ad5a5985-a719-4567-98d8-8d148aaae4bc
Found 1 computes in cell: ad5a5985-a719-4567-98d8-8d148aaae4bc
Checking host mapping for compute host 'compute': fe58ddc1-1d65-4f87-9456-bc040dc106b3
Creating host mapping for compute host 'compute': fe58ddc1-1d65-4f87-9456-bc040dc106b3
Note
When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register those new compute nodes. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:
[scheduler]
discover_hosts_in_cells_interval = 300
$ . admin-openrc
List service components to verify successful launch and registration of each process:
$ openstack compute service list
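Note
This output should show three service components enabled on the controller node and one service component enabled on the compute node.
List API endpoints in the Identity service to verify connectivity with the Identity service: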
$ openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| keystone | identity | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:35357/v3/ |
| | | |
| glance | image | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | internal: http://controller:9292 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
Note
Ignore any warnings in this output.
List images in the Image service to verify connectivity with the Image service:
$ openstack image list
Check the compute nodes:
$ openstack compute service list
[root@controller1 ~]# nova-status upgrade check
Original article: https://www.cnblogs.com/hanjingzheng/p/9082253.html