云计算之openstack（N版）Nova计算服务最佳实践

2.5计算服务

2.5.1Nova的概述

Nova组成组件：
API：负责接收和响应外部请求。支持openstack API，EC2 API
Nova-api组件实现了restful API功能，是外部访问Nova的唯一途径
接收外部的请求并通过message queue将请求发送给其他的组件，同事也兼容EC2 API，所以也可以用EC2 的管理工具对Nova进行日常管理。
Cert：负责身份认证EC 2
Schedule：用于云主机调读，决策虚拟机创建在哪个主机（计算节点）上。
Conductor：计算节点访问数据的中间件
Consoleauth：用于控制台的授权验证
Novncproxy：VNC代理

Nova-computer一般运行在计算节点上，通过messagequeue接收并管理VM的生命周期。通过libvirt管理KVM，通过xenapi管理xen等。

2.5.2控制节点上Nova的安装与配置

a数据库的创建与授权
create databasenova;grant all on nova.*to 'nova'@'localhost' identified by 'nova';grant all on nova.*to 'nova'@'%' identified by 'nova';create databasenova_api;grant all onnova_api.* to 'nova'@'localhost' identified by 'nova';grant all onnova_api.* to 'nova'@'%' identified by 'nova';
b创建服务证书
获得 admin 凭证来获取只有管理员能执行的命令的访问权限：
sourceadmin-openstack.sh创建 nova 用户：
openstack usercreate --domain default \--password-promptnova给 nova 用户添加admin 角色：
openstack role add--project service --user nova admin
c创建 nova 服务实体
openstack servicecreate --name nova \--description"OpenStack Compute" compute
d创建 Compute 服务 API 端点
openstack endpointcreate --region RegionOne compute public http://192.168.56.11:8774/v2.1/%\(tenant_id\)sopenstack endpointcreate --region RegionOne compute admin http://192.168.56.11:8774/v2.1/%\(tenant_id\)sopenstack endpointcreate --region RegionOne compute internalhttp://192.168.56.11:8774/v2.1/%\(tenant_id\)s

e软件包的安装
yum install -yopenstack-nova-api openstack-nova-conductor \openstack-nova-consoleopenstack-nova-novncproxy \openstack-nova-scheduler
f编辑``/etc/nova/nova.conf``
[DEFAULT]#只启用计算和元数据APIenabled_apis=osapi_compute,metadatatransport_url=rabbit://openstack:openstack@192.168.56.11#配置rabbitmq消息队列访问权限auth_strategy=keystonefirewall_driver =nova.virt.firewall.NoopFirewallDriver #启用网络服务支持use_neutron=True[api_database]#配置数据库的连接connection=mysql+pymysql://nova:nova@192.168.56.11/nova_api[database] #配置数据库的连接connection=mysql+pymysql://nova:nova@192.168.56.11/nova[glance] #配置镜像服务API的位置api_servers=http://192.168.56.11:9292[keystone_authtoken]#配置认证服务访问auth_uri =http://192.168.56.11:5000auth_url =http://192.168.56.11:35357memcached_servers =192.168.56.11:11211auth_type =passwordproject_domain_name= defaultuser_domain_name =defaultproject_name =serviceusername = novapassword = nova[oslo_concurrency]配置锁路径lock_path=/var/lib/nova/tmp[vnc]#配置vnc代理使用控制节点的管理接口IP地址vncserver_listen=0.0.0.0vncserver_proxyclient_address=192.168.56.11
j同步Compute 数据库
su -s /bin/sh -c"nova-manage api_db sync" novasu -s /bin/sh -c"nova-manage db sync" nova检验是否同步成功
mysql -h192.168.56.11 -unova -pnova -e "use nova;show tables;"mysql -h192.168.56.11 -unova -pnova -e "use nova_api;show tables;"

h启动 Compute 服务并将其设置为随系统启动
systemctl enableopenstack-nova-api.service \openstack-nova-consoleauth.serviceopenstack-nova-scheduler.service \openstack-nova-conductor.serviceopenstack-nova-novncproxy.servicesystemctl startopenstack-nova-api.service \openstack-nova-consoleauth.serviceopenstack-nova-scheduler.service \openstack-nova-conductor.serviceopenstack-nova-novncproxy.service
验证：
openstack host list+-------------------------+-------------+----------+| Host Name | Service| Zone |+-------------------------+-------------+----------+|linux-node1.example.com | consoleauth | internal ||linux-node1.example.com | conductor | internal ||linux-node1.example.com | scheduler | internal |+-------------------------+-------------+----------+
2.5.3计算节点上Nova的安装与配置
a检验是否具备虚拟化功能
egrep -c'(vmx|svm)' /proc/cpuinfo 过来出非零的数字即可
b软件包安装
yum install -yopenstack-nova-compute
c编辑``/etc/nova/nova.conf`` [DEFAULT]
[DEFAULT]#只启用计算和元数据APIauth_strategy=keystonefirewall_driver =nova.virt.firewall.NoopFirewallDriveruse_neutron=Trueenabled_apis=osapi_compute,metadatatransport_url=rabbit://openstack:openstack@192.168.56.11 #配置``RabbitMQ``消息队列访问权限[api_database]#配置数据库访问connection=mysql+pymysql://nova:nova@192.168.56.11/nova_api[database]#配置数据库访问connection=mysql+pymysql://nova:nova@192.168.56.11/nova[glance]#配置镜像服务APIapi_servers=http://192.168.56.11:9292[keystone_authtoken] #配置认证服务auth_uri =http://192.168.56.11:5000auth_url =http://192.168.56.11:35357memcached_servers =192.168.56.11:11211auth_type =passwordproject_domain_name= defaultuser_domain_name =defaultproject_name =serviceusername = novapassword = nova[oslo_concurrency]#配置锁路径lock_path=/var/lib/nova/tmp[vnc] #启用并配置远程控制台访问enabled = Truevncserver_listen=0.0.0.0vncserver_proxyclient_address=192.168.56.12novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html[libvirt]virt_type=kvm

d启动计算服务及其依赖，并将其配置为随系统自动启动
systemctl enablelibvirtd.service openstack-nova-compute.servicesystemctl startlibvirtd.service openstack-nova-compute.service
验证：
获得 admin 凭证来获取只有管理员能执行的命令的访问权限：
sourceadmin-openstack列出服务组件，以验证是否成功启动并注册了每个进程：
openstack compute servicelist+----+------------------+-------------------------+----------+---------+-------+----------------------------+| ID | Binary |Host | Zone | Status | State | Updated At |+----+------------------+-------------------------+----------+---------+-------+----------------------------+| 1 |nova-consoleauth | linux-node1.example.com | internal | enabled | up |2016-12-20T08:00:14.000000 || 2 |nova-conductor | linux-node1.example.com | internal | enabled | up |2016-12-20T08:00:20.000000 || 4 | nova-scheduler| linux-node1.example.com | internal | enabled | up |2016-12-20T08:00:14.000000 || 8 | nova-compute| linux-node2.example.com | nova | enabled | up | 2016-12-20T08:00:17.000000 |+----+------------------+-------------------------+----------+---------+-------+----------------------------+