一、Compute(Nova)简介
1、Nova简介
管理VM的整个生命周期,主要职责包括启动、调度VMs;
Supporting Service:
AMQP:Advanced Messaging Queue Protocol
开源解决方案:Apache Qpid(小规模),RabbitMQ(中,1千个物理节点),ZeroMQ(大),
Database:
2、Nova的组件
API:nova-api,nova-api-metadata
Compute Core:nova-compute,nova-scheduler,nova-conductor
Network for VMs:(用不到,由Netron提供)nova-network,nova-dhcpagent
Console Interface:nova-consoleauth,nova-novncproxy,nova-x***cproxy,nova-cert
Command line and other interfaces:nova,nova-manage
Compute服务的角色:
管理角色:
hypervisor:负责运行虚拟机
二、安装Nova
1、安装消息队列服务
[root@Node1 ~]# yum install qpid-cpp-server -y [root@Node1 ~]# rpm -ql qpid-cpp-server /etc/qpid/qpidd.acl /etc/qpidd.conf /etc/rc.d/init.d/qpidd /etc/sasl2/qpidd.conf /usr/lib64/libqpidbroker.so.8 /usr/lib64/libqpidbroker.so.8.0.0 /usr/lib64/qpid/daemon /usr/lib64/qpid/daemon/acl.so /usr/lib64/qpid/daemon/replicating_listener.so /usr/lib64/qpid/daemon/replication_exchange.so /usr/sbin/qpidd /usr/share/man/man1/qpidd.1.gz /var/lib/qpidd /var/lib/qpidd/qpidd.sasldb /var/run/qpidd
修改qpidd配置文件将auth设置为no:
[root@Node1 qpid]# vi /etc/qpidd.conf auth=no
启动qpidd:
[root@Node1 ~]# service qpidd start Starting Qpid AMQP daemon: [ OK ] [root@Node1 ~]# chkconfig qpidd on [root@Node1 ~]# netstat -nlptu|grep qpidd tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 6608/qpidd tcp 0 0 :::5672 :::* LISTEN 6608/qpidd [root@Node1 ~]# chkconfig qpidd on
2、Install Compute Controller Services
1)安装相应的软件包
[root@Node1 ~]# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
2)创建数据库并授权
mysql> create database nova character set utf8; Query OK, 1 row affected (0.00 sec) mysql> grant all on nova.* to 'nova'@'%' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) mysql> grant all on nova.* to 'nova'@'localhost' identified by 'nova'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)
3)配置/etc/nova/nova.conf
[root@Node1 nova]# vi nova.conf #rpc_backend=rabbit #找到并修改 rpc_backend=qpid #qpid_hostname=localhost #找到并修改 qpid_hostname=192.168.10.1 #my_ip=10.0.0.1 my_ip=192.168.10.1 #vncserver_listen=127.0.0.1 vncserver_listen=192.168.10.1 # The address to which proxy clients (like nova-xvpvncproxy) # should connect (string value) #vncserver_proxyclient_address=127.0.0.1 vncserver_proxyclient_address=192.168.10.1
同步数据库:
[root@Node1 nova]# su -s /bin/sh -c "nova-manage db sync" nova #注意db sync没下划线 mysql> use nova Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +--------------------------------------------+ | Tables_in_nova | +--------------------------------------------+ | agent_builds |
4)创建nova用户
[root@Node1 ~]# keystone user-create --name=nova --pass=nova /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | b56531230b124b7ebbe1b9e72502a907 | | name | nova | | username | nova | +----------+----------------------------------+ [root@Node1 ~]# keystone user-role-add --user=nova --role=admin --tenant=service /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
修改配置文件:
[root@Node1 nova]# vi nova.conf #auth_strategy=noauth #找到并修改 auth_strategy=keystone [keystone_authtoken] # # Options defined in keystoneclient.middleware.auth_token # # Prefix to prepend at the beginning of the path (string # value) #auth_admin_prefix= auth_protocol=http auth_url=http://controller:5000 auth_host=controller auth_port=35357 auth_user=nova admin_tenant_name=service admin_password=nova
5)在keystone中添加glance的service endpoint:
[root@Node1 nova]# keystone service-create --name=nova --type=compute \ > --description="OpenStack Compute" /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | e7acbab65f9647e7a3f691f990e43eb5 | | name | nova | | type | compute | +-------------+----------------------------------+ [root@Node1 nova]# keystone endpoint-create \ > --service-id=$(keystone service-list | awk '/ compute / {print $2}') \ > --publicurl=http://controller:8774/v2/%\(tenant_id\)s \ > --internalurl=http://controller:8774/v2/%\(tenant_id\)s \ > --adminurl=http://controller:8774/v2/%\(tenant_id\)s /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) +-------------+-----------------------------------------+ | Property | Value | +-------------+-----------------------------------------+ | adminurl | http://controller:8774/v2/%(tenant_id)s | | id | 990796a3ab404d0f816b6916005c57df | | internalurl | http://controller:8774/v2/%(tenant_id)s | | publicurl | http://controller:8774/v2/%(tenant_id)s | | region | regionOne | | service_id | e7acbab65f9647e7a3f691f990e43eb5 | +-------------+-----------------------------------------+
6)启动nova服务
[root@Node1 ~]# service openstack-nova-api start Starting openstack-nova-api: [ OK ] [root@Node1 ~]# service openstack-nova-cert start Starting openstack-nova-cert: [ OK ] [root@Node1 ~]# service openstack-nova-consoleauth start Starting openstack-nova-consoleauth: [ OK ] [root@Node1 ~]# service openstack-nova-scheduler start Starting openstack-nova-scheduler: [ OK ] [root@Node1 ~]# service openstack-nova-conductor start Starting openstack-nova-conductor: [ OK ] [root@Node1 ~]# service openstack-nova-novncproxy start Starting openstack-nova-novncproxy: [ OK ] [root@Node1 ~]# chkconfig openstack-nova-api on [root@Node1 ~]# chkconfig openstack-nova-cert on [root@Node1 ~]# chkconfig openstack-nova-consoleauth on [root@Node1 ~]# chkconfig openstack-nova-scheduler on [root@Node1 ~]# chkconfig openstack-nova-conductor on [root@Node1 ~]# chkconfig openstack-nova-novncproxy on
验证是否配置成功:
[root@Node1 ~]# nova p_w_picpath-list /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) +--------------------------------------+------------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+------------------+--------+--------+ | a3ae2a3d-832f-42bb-907f-f508c12de5d9 | cirros-0.3.4.img | ACTIVE | | +--------------------------------------+------------------+--------+--------+
3、Configure a compute node
[root@Node2 ~]# yum install openstack-nova-compute
配置/etc/nova/nova.conf:
这个跟Controller节点上的nova服务器端的配置文件不完成相同,不能把它复制过来
[root@Node2 ~]# cd /etc/nova [root@Node2 nova]# ls api-paste.ini nova.conf policy.json release rootwrap.conf [root@Node2 nova]# vi nova.conf #qpid_hostname=localhost qpid_hostname=192.168.10.1 #rpc_backend=rabbit rpc_backend=qpid #auth_strategy=noauth auth_strategy=keystone #connection=mysql://nova:nova@localhost/nova connection=mysql://nova:[email protected]/nova #glance_host=$my_ip glance_host=192.168.10.1 #my_ip=10.0.0.1 my_ip=192.168.10.2 #novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html novncproxy_base_url=http://192.168.10.1:6080/vnc_auto.html #vncserver_listen=127.0.0.1 vncserver_listen=0.0.0.0 #vncserver_proxyclient_address=127.0.0.1 vncserver_proxyclient_address=192.168.10.2 #vif_plugging_is_fatal=true vif_plugging_is_fatal=false #网络配置错误虚拟机就不能启动 #vif_plugging_timeout=300 vif_plugging_timeout=10 #虚拟机设置网络超时时间 [keystone_authtoken] # # Options defined in keystoneclient.middleware.auth_token # # Prefix to prepend at the beginning of the path (string # value) #auth_admin_prefix= auth_protocol=http auth_url=http://controller:5000 auth_host=controller auth_port=35357 auth_user=nova admin_tenant_name=service admin_password=nova
启动服务:
[root@Node2 nova]# service libvirtd start Starting libvirtd daemon: [ OK ] [root@Node2 nova]# service messagebus start Starting system message bus: [root@Node2 nova]# service openstack-nova-compute start Starting openstack-nova-compute: [ OK ] [root@Node2 nova]# service openstack-nova-compute status openstack-nova-compute (pid 5247) is running... [root@Node2 nova]# chkconfig libvirtd on [root@Node2 nova]# chkconfig messagebus on [root@Node2 nova]# chkconfig openstack-nova-compute on
验证是否配置成功:
在Controller节点上验证
[root@Node1 ~]# nova hypervisor-list +----+---------------------+ | ID | Hypervisor hostname | +----+---------------------+ | 1 | Node2 | +----+---------------------+
附、可能遇到的报错
1、烦人的警告信息
[root@Node1 ~]# nova p_w_picpath-list /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
需要5以上的版本的gmp:
解决方法:下载gmp 5以上的版本,编译安装
# ./configure # make # make check # make install # yum install python-devel # yum install python-pip -y # pip install --ignore-installed PyCrypto # service openstack-keystone restart
2、在配置Computer service时,启动openstack-nova-novncproxy时无法正常启动。
[root@controller ~]# service openstack-nova-novncproxy start Starting openstack-nova-novncproxy: [ OK ] [root@controller ~]# service openstack-nova-novncproxy status openstack-nova-novncproxy dead but pid file exists
然后改用手动启动服务,依旧不行,报错信息如下:
[root@controller ~]# /usr/bin/python /usr/bin/nova-novncproxy --web /usr/share/novnc/ Traceback (most recent call last): File "/usr/bin/nova-novncproxy", line 10, insys.exit(main()) File "/usr/lib/python2.6/site-packages/nova/cmd/novncproxy.py", line 87, in main wrap_cmd=None) File "/usr/lib/python2.6/site-packages/nova/console/websocketproxy.py", line 47, in __init__ ssl_target=None, *args, **kwargs) File "/usr/lib/python2.6/site-packages/websockify/websocketproxy.py", line 231, in __init__ websocket.WebSocketServer.__init__(self, RequestHandlerClass, *args, **kwargs) TypeError: __init__() got an unexpected keyword argument 'no_parent'
查阅了相关信息后发现是由于python-websockify的版本导致的,openstack-icehouse需要的python-websockify版本<=0.5.1,但是在安装时默认使用了epel源中的0.6.0版本。配置好icehouse的源后,对该软件包进行降级即可。
[root@controller ~]# yum list | grep websockify python-websockify.noarch 0.5.1-1.el6 @openstack-icehouse python-websockify.noarch 0.6.0-3.el6 epel
[root@controller ~]# yum downgrade python-websockify-0.5.1-1.el6.noarch