1、Nova架构
Nova是openstack中最核心的组件,它管理了整个VM的生命周期。openstack的其他组件归根结底是为Nova组件服务的,基于用户需求为VM提供计算资源管理。
Nova 逻辑架构如下图红色方框部分所示
2、Nova的逻辑模块
Nova服务主要由API、Compute、Conductor、Scheduler四个核心服务组成,他们之间通过AMQP通信。 它包含了多个子服务。
1.Nova API :它是进入Nova的HTTP接口,用于接收和处理客户端发送的HTTP请求
2.Nova Scheduler :它是Nova的调度子服务。当客户端向Nova 服务器发起创建虚拟机请求时,它将虚拟机创建在哪个节点上。
3.Nova Conductor :它是RPC服务,它的作用主要是提供数据库查询功能。在openstack服务中出于安全性和伸缩性的考虑,nova-compute 并不会直接访问数据库,而是委托给 nova-conductor。这样有两个优点:(1)更高的系统安全性;(2)更好的系统伸缩性。
4.Nova Compute :Nova组件中最核心的服务,实现虚拟机管理的功能。实现了在计算节点上创建、启动、暂停、关闭和删除虚拟机、虚拟机在不同的计算节点间迁移、虚拟机安全控制、管理虚拟机磁盘镜像以及快照等功能。
5.Nova Cert :用于管理证书,为了兼容AWS。AWS提供一整套的基础设施和应用程序服务,使得几乎所有的应用程序在云上运行。
6.Nova Cell :Nova Cell子服务的目的便于实现横向扩展和大规模的部署,同时不增加数据库和RPC消息中间件的复杂度。在Nova Scheduler服务的主机调度的基础上实现了区域调度。
7.Nova Console、Nova Consoleauth、Nova VNCProxy :Nova控制台子服务。功能是实现客户端通过代理服务器远程访问虚拟机实例的控制界面。
3、Nova启动一个虚拟机的过程
nova 启动虚拟机的过程如图所示
整个创建vm的过程如下(自己整理了半天,发现别人写的真的太好了,直接借用):
1、用户登录dashboard界面或操作命令行通过RESTful API向keystone获取认证信息;
2、keystone通过用户请求认证信息,并生成auth-token返回给对应的认证请求。
3、界面或命令行通过RESTful API向nova-api发送一个boot instance的请求(携带auth-token);
4、nova-api接受请求后向keystone发送认证请求,查看token是否为有效用户和token;
5、keystone验证token是否有效,如有效则返回有效的认证和对应的角色(注:有些操作需要有角色权限才能操作);
6、通过认证后nova-api和数据库通讯;
7、初始化新建虚拟机的数据库记录;
8、nova-api通过rpc.call向nova-scheduler请求是否有创建虚拟机的资源(Host ID);
9、nova-scheduler进程侦听消息队列,获取nova-api的请求;
10、nova-scheduler通过查询nova数据库中计算资源的情况,并通过调度算法计算符合虚拟机创建需要的主机;
11、对于有符合虚拟机创建的主机,nova-scheduler更新数据库中虚拟机对应的物理主机信息;
12、nova-scheduler通过rpc.cast向nova-compute发送对应的创建虚拟机请求的消息;
13、nova-compute会从对应的消息队列中获取创建虚拟机请求的消息;
14、nova-compute通过rpc.call向nova-conductor请求获取虚拟机消息(Flavor);
15、nova-conductor从消息队队列中拿到nova-compute请求消息;
16、nova-conductor根据消息查询虚拟机对应的信息;
17、nova-conductor从数据库中获得虚拟机对应信息;
18、nova-conductor把虚拟机信息通过消息的方式发送到消息队列中;
19、nova-compute从对应的消息队列中获取虚拟机信息消息;
20、nova-compute通过keystone的RESTfull API拿到认证的token,并通过HTTP请求glance-api获取创建虚拟机所需要镜像;
21、glance-api向keystone认证token是否有效,并返回验证结果;
22、token验证通过,nova-compute获得虚拟机镜像信息(URL);
23、nova-compute通过keystone的RESTfull API拿到认证k的token,并通过HTTP请求neutron-server获取创建虚拟机所需要的网络信息;
24、neutron-server向keystone认证token是否有效,并返回验证结果;
25、token验证通过,nova-compute获得虚拟机网络信息;
26、nova-compute通过keystone的RESTfull API拿到认证的token,并通过HTTP请求cinder-api获取创建虚拟机所需要的持久化存储信息;
27、cinder-api向keystone认证token是否有效,并返回验证结果;
28、token验证通过,nova-compute获得虚拟机持久化存储信息;
29、nova-compute根据instance的信息调用配置的虚拟化驱动来创建虚拟机;
4、实战:nova的手动搭建
4.1 Controller节点
1)数据库相关操作:
[root@controller ~]# mysql -uroot -popenstack <<EOF
create database nova_api;
create database nova;
create database nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
EOF2)创建nova用户,并在service项目中添加管理员角色
#授权
[root@controller ~]# source admin_openrc 下面这句要分开执行,要输入nova用户的密码:
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fe8948c5641b4a16a26420260bd822a7 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin3)创建nova服务及端口
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 9c78ed53491546ba863062d0c74e3902 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 44df01edd39c4acfaad2877c26ea2c8f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9c78ed53491546ba863062d0c74e3902 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8a6c68ff6ca847e78e6cb5764a6bef98 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9c78ed53491546ba863062d0c74e3902 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a5f08ccb71084552aed1a7de40a9a374 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9c78ed53491546ba863062d0c74e3902 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+4)创建placement用户,并在service项目中添加管理员角色
#授权
[root@controller ~]# source admin_openrc
下面这句要分开执行,要输入nova用户的密码:
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | e0ca61dd6473425abd65af2cb5d6afd3 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin5)创建placement服务及端口
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | a6dc5d3a09344a27ae735daa83f35662 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 63d8a43ea474463493e620fd8a7934f9 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a6dc5d3a09344a27ae735daa83f35662 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 79673b1b93874c43aaef13ed25dbde20 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a6dc5d3a09344a27ae735daa83f35662 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9ddeb299982c434fbf93570ccc448e66 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a6dc5d3a09344a27ae735daa83f35662 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+6)安装相关包并配置
(1)安装依赖包
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
(2)配置nova.conf文件
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:openstack@controller/nova_api
[database]
connection = mysql+pymysql://nova:openstack@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = openstack
[DEFAULT]
my_ip = 192.168.1.83
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
vncserver_listen = 192.168.1.83
vncserver_proxyclient_address = 192.168.1.83
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = openstack
[root@controller ~]# egrep -v "^#|^$" /etc/nova/nova.conf
(3)编辑00-nova-placement-api.conf 配置文件并重启httpd服务
[root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
[root@controller ~]# systemctl restart httpd
(4)初始化nova_api数据库表结构:
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
(5)创建cell1:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
aee6767f-b31a-4caf-9744-a64e572fa533
(6)初始化nova数据库的表结构:
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# mysql -hlocalhost -unova -popenstack -e "use nova;show tables;"
[root@controller ~]# mysql -hlocalhost -unova_api -popenstack -e "use nova_api;show tables;"
[root@controller ~]# mysql -hlocalhost -unova_cell0 -popenstack -e "use nova_cell0;show tables;"
(7)验证cell0和cell1是否注册
[root@controller ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+-------------------------------
| Name | UUID | Transport URL | Database Connection |
-----+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 | aee6767f-b31a-4caf-9744-a64e572fa533 | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova |
-----+-------------------------------------------------+(8)服务启动并加入开机自启
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute service list
------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2020-03-17T15:15:17.000000 |
| 2 | nova-consoleauth | controller | internal | enabled | up | 2020-03-17T15:15:17.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2020-03-17T15:15:18.000000 |
------------------+4.2 compute节点
1)安装相关包并进行配置
[root@compute ~]# yum -y install openstack-nova-compute2)可以直接从控制节点拷贝配置文件修改
[root@compute ~]# mv /etc/nova/nova.conf ./nova.conf.bak
[root@compute ~]# scp root@192.168.1.83:/etc/nova/nova.conf /etc/nova/nova.conf
[root@compute ~]# chown root:nova /etc/nova/nova.conf
[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = openstack
[DEFAULT]
my_ip = 192.168.1.85
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address =192.168.1.85
novncproxy_base_url = http://192.168.1.83:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = openstack
[root@compute ~]# egrep -v "^#|^$" /etc/nova/nova.conf3)确定您的计算节点是否支持虚拟机的硬件加速,若返回0,即计算节点不支持硬件加速。必须配置 libvirt 来使用 QEMU 去代替 KVM;若返回非0,则支持加速,配置为kvm
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute ~]# vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
[root@compute ~]# egrep -v "^#|^$" /etc/nova/nova.conf4)服务启动,并加入开启自启
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service && systemctl start libvirtd.service openstack-nova-compute.service5)将compute节点添加到cell数据库(控制节点执行)
[root@compute ~]# source admin_openrc
[root@compute ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 6 | nova-compute | compute | nova | enabled | up | 2020-03-17T15:34:33.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
[root@compute ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': aee6767f-b31a-4caf-9744-a64e572fa533
Checking host mapping for compute host 'compute': bc450889-b974-4381-a6e2-c863db40ac43
Creating host mapping for compute host 'compute': bc450889-b974-4381-a6e2-c863db40ac43
Found 1 unmapped computes in cell: aee6767f-b31a-4caf-9744-a64e572fa533
When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register those new compute nodes. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:
[scheduler]
discover_hosts_in_cells_interval = 3004.3 验证
#控制节点执行
1)查看compute服务信息
[root@controller ~]# source admin_openrc
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2020-03-17T15:37:27.000000 |
| 2 | nova-consoleauth | controller | internal | enabled | up | 2020-03-17T15:37:27.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2020-03-17T15:37:28.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2020-03-17T15:37:23.000000 |
------------------+#列出认证服务目录
[root@controller ~]# openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| keystone | identity | RegionOne |
| | | admin: http://controller:35357/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | |
| nova | compute | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | |
| glance | image | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | |
+-----------+-----------+-----------------------------------------+#查看镜像信息
[root@controller ~]# openstack image list[root@controller ~]# nova-status upgrade check
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: API Service Version |
| Result: Success |
| Details: None |
+--------------------------------+
关于nava的简单介绍与实战安装就到这里,下一章节开始安装Neutron的简介与实战安装