openstack迁移总汇

目录

1 热迁移之block-migration 

    1.1 查看物理主机CPU 

    1.2 修改hosts文件 

    1.3 开启热迁移 

    1.4 修改防火墙 

    1.5 virsh测试是否可以连通对端机器 

        1.5.1 方法1 

        1.5.2 方法2 

    1.6 迁移情况 

    1.7 下面的作为参考 

        1.7.1 主机 

        1.7.2 各节点之间nova账号无密码访问 

        1.7.3 可选操作 

    1.8 注意事项 

        1.8.1 事项1 

        1.8.2 事项2 

2 冷迁移 

    2.1 方法1 

        2.1.1 YUN-19上,修改数据库 

        2.1.2 实例文件拷贝 

        2.1.3 查看文件 

        2.1.4 新建与迁移的实例关联的网桥 

    2.2 方法2 

        2.2.1 转换镜像格式 

        2.2.2 查看镜像信息 

        2.2.3 几种镜像格式的比较: 

        2.2.4 注意事项 

        2.2.5 把镜像disk4拷贝到YUN-19 

        2.2.6 linux实例做迁移 

        2.2.7 补充一 

        2.2.8 补充二 

3 参考文档 

 

 

热迁移之block-migration

1.1 查看物理主机CPU

# cat /proc/cpuinfo |grep name |cut -f2 -d:|uniq -c

 

YUN-11YUN-12(主机名)

32  Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz

 

YUN-13YUN-14

64  Intel(R) Xeon(R) CPU E7- 4830  @ 2.13GHz

 

test-compute

8  Intel(R) Xeon(R) CPU E5-2407 0 @ 2.20GHz

 

还有后来添加的主机YUN-17

192  Intel(R) Xeon(R) CPU E7-8850 v2 @ 2.30GHz

 

1.2 修改hosts文件

(每个迁移涉及的节点上都做此操作)

# vi /etc/hosts

添加

192.168.0.11    YUN-11

192.168.0.12    YUN-12

192.168.0.13    YUN-13

192.168.0.14    YUN-14

192.168.0.126   test-compute

192.168.0.17    YUN-17

 

1.3 开启热迁移

(每个迁移涉及的节点上都做此操作)

# vi /etc/nova/nova.conf

 

# Migration flags to be set for live migration (string value)

#live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER

 

to

 

# Migration flags to be set for live migration (string value)

live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_UNSAFE

 

1.4 修改防火墙

# vi /etc/sysconfig/iptables

修改之前的防火墙配置

YUN-11防火墙

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.11" -j ACCEPT

 

 

YUN-12防火墙

 

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.13" -j ACCEPT

 

YUN-13防火墙

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.13" -j ACCEPT

 

YUN-14的防火墙

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.14" -j ACCEPT

 

测试机的防火墙

 

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.126" -j ACCEPT

 

YUN-17的防火墙

 

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.17" -j ACCEPT

 

修改之后的防火墙配置

YUN-11

添加

# by sxzhou-

A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.13" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.14" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.126" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.17" -j ACCEPT

 

YUN-12

添加

# by sxzhou

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.11" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.14" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.126" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.17" -j ACCEPT

 

YUN-13

添加

# by sxzhou

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.11" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.14" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.126" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.17" -j ACCEPT

 

YUN-14

添加

# by sxzhou -A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.11" -j ACCEPT

-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.13" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.126" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.17" -j ACCEPT

 

测试机

添加

# by sxzhou

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.11" -j ACCEPT

-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.13" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.14" -j ACCEPT

-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.17" -j ACCEPT

 

YUN-17

添加

# by sxzhou

-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.11" -j ACCEPT

-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.12" -j ACCEPT

-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.13" -j ACCEPT

-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.14" -j ACCEPT

-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.126" -j ACCEPT

 

保存退出后记得重启防火墙的服务

 

1.5 virsh测试是否可以连通对端机器

(要测试其余每台机器)

两种测试方式:

YUN-11为例,测试与YUN-12的连通性

1.5.1 方法1

YUN-11主机上

virsh # connect qemu+tcp://192.168.0.12/system

正常情况下将列出YUN-12上的实例

 

下面是异常情况

virsh # connect qemu+tcp://192.168.0.12/system

error: Failed to connect to the hypervisor

error: unable to connect to server at '192.168.0.13:16509': No route to host

 

异常情况的话就要查看上面所述的配置是否有误

 

1.5.2 方法2

# virsh

virsh # connect qemu+tcp://192.168.0.12/system

 

查看主机名确认

virsh # hostname

YUN-12

 

1.6 迁移情况

dash中选择【管理员】-【实例】,在要迁移的主机后面点击下拉菜单,再点击“实例热迁移”,再选择“块迁移”

YUN-11可以迁移到YUN-12YUN-17

YUN-12可以迁移到YUN-17

YUN-13可以迁移到YUN-12test-compute

YUN-13可以迁移到YUN-12test-compute

test-compute可以迁移到YUN-12

YUN-17不可以迁移

注:

其他机器无法迁移到YUN-11YUN-13的原因是这两台机器的磁盘空间被超量使用

 

从上面的测试可以分析出各主机迁移CPU的优先级

YUN-17 < YUN-13YUN-14 < YUN-126 < YUN-11YUN-12

 

当迁移失败,并且在日志文件中查看到下面所示的出错信息时,就说明两台节点的物理资源不匹配

InvalidCPUInfo: Unacceptable CPU info: CPU doesn't have compatibility.

查看的日志主要有控制节点的/var/log/nova/api.log和计算节点的/var/log/nova/compute.log

 

1.7 下面的作为参考

在刚开始的迁移测试中,是这样的

操作对象:

1.7.1 主机

主机IP    主机名         角色

192.168.0.11    YUN-11            控制节点

192.168.0.12    YUN-12            扩展节点

192.168.0.126   test-compute     测试机

 

注意:本测验是虽然以控制节点为例,但是每台涉及迁移的主机都要做操作

 

1.7.2 各节点之间nova账号无密码访问

1.7.2.1 在各个需要相互无密码访问节点上做以下操作

# usermod -s /bin/bash nova

# su nova

$ cd

$ ssh-keygen

$ touch .ssh/authorized_keys

1.7.2.2 把其他节点的公钥拷贝过来,追加到本地的认证文件中

以控制节点为例

$ scp root@192.168.0.12:/var/lib/nova/.ssh/id_rsa.pub .

$ cat id_rsa.pub >> .ssh/authorized_keys

 

$ scp root@192.168.0.126:/var/lib/nova/.ssh/id_rsa.pub .

$ cat id_rsa.pub >> .ssh/authorized_keys

 

之后两个扩展节点就能够利用nova用户无密码访问控制节点了

依照这种方法在其他节点做类似操作,最终就会实现各节点之间nova用户的无密码访问

 

1.7.3 可选操作

【可选,确认即可】网上文档上做了修改,但是本集群按默认配置

1.7.3.1 编辑/etc/nova/nova.conf

如果希望可以在Dashboard里设置root的密码

inject_password=true

 

修改虚拟机配置,不需要迁移

allow_resize_to_same_host=true

 

(可选)

迁移和修改配置,不需要手工确认,1表示1秒的时间让你确认,如果没确认就继续

resize_confirm_window=1

 

重启服务

service openstack-nova-compute restart

1.7.3.2 热迁移(block-migration

所有的节点上修改nova.conf

live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_UNSAFE

开启热迁移功能

 

【确认即可,此处也按系统默认配置】

然后需要配置versh免密码连接,修改/etc/libvirt/libvirtd.conf

去掉注释

listen_tls = 0

listen_tcp = 1

去掉注释并修改值

auth_tcp = none# 注意这里必须设为none,否则需要认证。

测试下:

 virsh --connect qemu+tcp://192.168.0.12/system list

 virsh --connect qemu+tcp://192.168.0.126/system list

如果不需要输入用户名和密码就能够列出所有的虚拟机,则表示配置成功。

重启所有计算节点nova-compute libvirt-bin服务

 

此时就可以使用novaclient命令进行迁移,比如要把vm1从测试机迁移到YUN-12,

nova live-migration --block-migrate vm1 YUN-12

注意选项--block-migrate是必要的,否则默认以共享存储的方式迁移,另外需要在控制节点做/etc/hosts文件主机名和IP的解析

 

测试迁移【事实证明防火墙不可以关闭】

测试迁移并没有成功,在关闭YUN-12test-compute防火墙后再次测试,迁移成功。需要注意的是控制节点关闭防火墙失败

 

1.8 注意事项

1.8.1 事项1

需要注意的是做热迁移的过程中发现,关闭各节点防火墙就可以做迁移(不做修改防火墙的步骤),但是整个集群出现异常,各节点不能够创建实例,所以对于各节点的防火墙不能关闭,只能做策略。

1.8.2 事项2

nova用户无密码访问是否需要做还不太明确,在刚开始的测试中都是做的,就是上面提到的三台机器,不过在后来的试验中,不断有新加进来测试的机器都没有做,所以应该是不需要。