一、Compute(Nova)简介

1、Nova简介

      管理VM的整个生命周期,主要职责包括启动、调度VMs; 

Supporting Service:

                          AMQP:Advanced Messaging Queue Protocol

                               开源解决方案:Apache Qpid(小规模),RabbitMQ(中,1千个物理节点),ZeroMQ(大),

                          Database:


2、Nova的组件

OpenStack、compute组件_第1张图片

API:nova-api,nova-api-metadata

Compute Core:nova-compute,nova-scheduler,nova-conductor

Network for VMs:(用不到,由Netron提供)nova-network,nova-dhcpagent

Console Interface:nova-consoleauth,nova-novncproxy,nova-x***cproxy,nova-cert

Command line and other interfaces:nova,nova-manage


Compute服务的角色:

                          管理角色:

                          hypervisor:负责运行虚拟机

 

二、安装Nova

1、安装消息队列服务

[root@Node1 ~]# yum install qpid-cpp-server -y

[root@Node1 ~]# rpm -ql qpid-cpp-server
/etc/qpid/qpidd.acl
/etc/qpidd.conf
/etc/rc.d/init.d/qpidd
/etc/sasl2/qpidd.conf
/usr/lib64/libqpidbroker.so.8
/usr/lib64/libqpidbroker.so.8.0.0
/usr/lib64/qpid/daemon
/usr/lib64/qpid/daemon/acl.so
/usr/lib64/qpid/daemon/replicating_listener.so
/usr/lib64/qpid/daemon/replication_exchange.so
/usr/sbin/qpidd
/usr/share/man/man1/qpidd.1.gz
/var/lib/qpidd
/var/lib/qpidd/qpidd.sasldb
/var/run/qpidd

修改qpidd配置文件将auth设置为no:

[root@Node1 qpid]# vi /etc/qpidd.conf

auth=no

启动qpidd:

[root@Node1 ~]# service qpidd start
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@Node1 ~]# chkconfig qpidd on
[root@Node1 ~]# netstat -nlptu|grep qpidd
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      6608/qpidd          
tcp        0      0 :::5672                     :::*                        LISTEN      6608/qpidd 
[root@Node1 ~]# chkconfig qpidd on


2、Install Compute Controller Services

 1)安装相应的软件包

[root@Node1 ~]# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

2)创建数据库并授权

mysql> create database nova character set utf8;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on nova.* to 'nova'@'%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on nova.* to 'nova'@'localhost' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

3)配置/etc/nova/nova.conf

[root@Node1 nova]# vi nova.conf

#rpc_backend=rabbit              #找到并修改
rpc_backend=qpid

#qpid_hostname=localhost         #找到并修改       
qpid_hostname=192.168.10.1

#my_ip=10.0.0.1
my_ip=192.168.10.1

#vncserver_listen=127.0.0.1
vncserver_listen=192.168.10.1

# The address to which proxy clients (like nova-xvpvncproxy)
# should connect (string value)
#vncserver_proxyclient_address=127.0.0.1
vncserver_proxyclient_address=192.168.10.1

同步数据库:

[root@Node1 nova]# su -s /bin/sh -c "nova-manage db sync" nova   #注意db sync没下划线

mysql> use nova
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+--------------------------------------------+
| Tables_in_nova                             |
+--------------------------------------------+
| agent_builds                               |

4)创建nova用户

[root@Node1 ~]# keystone user-create --name=nova --pass=nova 
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | b56531230b124b7ebbe1b9e72502a907 |
|   name   |               nova               |
| username |               nova               |
+----------+----------------------------------+

[root@Node1 ~]# keystone user-role-add --user=nova --role=admin --tenant=service
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

修改配置文件:

[root@Node1 nova]# vi nova.conf


 #auth_strategy=noauth         #找到并修改
  auth_strategy=keystone


[keystone_authtoken]        

#
# Options defined in keystoneclient.middleware.auth_token
#

# Prefix to prepend at the beginning of the path (string
# value)
#auth_admin_prefix=
auth_protocol=http
auth_url=http://controller:5000
auth_host=controller
auth_port=35357
auth_user=nova
admin_tenant_name=service
admin_password=nova

 5)在keystone中添加glance的service endpoint:

[root@Node1 nova]# keystone service-create --name=nova --type=compute \
> --description="OpenStack Compute"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |        OpenStack Compute         |
|   enabled   |               True               |
|      id     | e7acbab65f9647e7a3f691f990e43eb5 |
|     name    |               nova               |
|     type    |             compute              |
+-------------+----------------------------------+
[root@Node1 nova]# keystone endpoint-create \
> --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
> --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
> --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
> --adminurl=http://controller:8774/v2/%\(tenant_id\)s
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+-----------------------------------------+
|   Property  |                  Value                  |
+-------------+-----------------------------------------+
|   adminurl  | http://controller:8774/v2/%(tenant_id)s |
|      id     |     990796a3ab404d0f816b6916005c57df    |
| internalurl | http://controller:8774/v2/%(tenant_id)s |
|  publicurl  | http://controller:8774/v2/%(tenant_id)s |
|    region   |                regionOne                |
|  service_id |     e7acbab65f9647e7a3f691f990e43eb5    |
+-------------+-----------------------------------------+

6)启动nova服务

[root@Node1 ~]# service openstack-nova-api start
Starting openstack-nova-api:                               [  OK  ]
[root@Node1 ~]# service openstack-nova-cert start
Starting openstack-nova-cert:                              [  OK  ]
[root@Node1 ~]# service openstack-nova-consoleauth start
Starting openstack-nova-consoleauth:                       [  OK  ]
[root@Node1 ~]# service openstack-nova-scheduler start
Starting openstack-nova-scheduler:                         [  OK  ]
[root@Node1 ~]# service openstack-nova-conductor start
Starting openstack-nova-conductor:                         [  OK  ]
[root@Node1 ~]# service openstack-nova-novncproxy start
Starting openstack-nova-novncproxy:                        [  OK  ]
[root@Node1 ~]# chkconfig openstack-nova-api on
[root@Node1 ~]# chkconfig openstack-nova-cert on
[root@Node1 ~]# chkconfig openstack-nova-consoleauth on
[root@Node1 ~]# chkconfig openstack-nova-scheduler on
[root@Node1 ~]# chkconfig openstack-nova-conductor on
[root@Node1 ~]# chkconfig openstack-nova-novncproxy on

验证是否配置成功:

[root@Node1 ~]# nova p_w_picpath-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+--------------------------------------+------------------+--------+--------+
| ID                                   | Name             | Status | Server |
+--------------------------------------+------------------+--------+--------+
| a3ae2a3d-832f-42bb-907f-f508c12de5d9 | cirros-0.3.4.img | ACTIVE |        |
+--------------------------------------+------------------+--------+--------+


3、Configure a compute node            

[root@Node2 ~]# yum install openstack-nova-compute

配置/etc/nova/nova.conf:

这个跟Controller节点上的nova服务器端的配置文件不完成相同,不能把它复制过来

[root@Node2 ~]# cd /etc/nova
[root@Node2 nova]# ls
api-paste.ini  nova.conf  policy.json  release  rootwrap.conf
[root@Node2 nova]# vi nova.conf 

#qpid_hostname=localhost
qpid_hostname=192.168.10.1

#rpc_backend=rabbit
rpc_backend=qpid

#auth_strategy=noauth
auth_strategy=keystone

#connection=mysql://nova:nova@localhost/nova
connection=mysql://nova:[email protected]/nova

#glance_host=$my_ip
glance_host=192.168.10.1

#my_ip=10.0.0.1
my_ip=192.168.10.2

#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
novncproxy_base_url=http://192.168.10.1:6080/vnc_auto.html   

#vncserver_listen=127.0.0.1
vncserver_listen=0.0.0.0

#vncserver_proxyclient_address=127.0.0.1
vncserver_proxyclient_address=192.168.10.2  


#vif_plugging_is_fatal=true
vif_plugging_is_fatal=false             #网络配置错误虚拟机就不能启动

#vif_plugging_timeout=300
vif_plugging_timeout=10                 #虚拟机设置网络超时时间


[keystone_authtoken]

#
# Options defined in keystoneclient.middleware.auth_token
#

# Prefix to prepend at the beginning of the path (string
# value)
#auth_admin_prefix=
auth_protocol=http
auth_url=http://controller:5000
auth_host=controller 
auth_port=35357
auth_user=nova
admin_tenant_name=service
admin_password=nova

启动服务:

[root@Node2 nova]# service libvirtd start
Starting libvirtd daemon:                                  [  OK  ]
[root@Node2 nova]# service messagebus start
Starting system message bus: 
[root@Node2 nova]# service openstack-nova-compute start
Starting openstack-nova-compute:                           [  OK  ]
[root@Node2 nova]# service openstack-nova-compute status
openstack-nova-compute (pid  5247) is running...
[root@Node2 nova]# chkconfig libvirtd on
[root@Node2 nova]# chkconfig messagebus on
[root@Node2 nova]# chkconfig openstack-nova-compute on

验证是否配置成功:

在Controller节点上验证

[root@Node1 ~]# nova hypervisor-list
+----+---------------------+
| ID | Hypervisor hostname |
+----+---------------------+
| 1  | Node2               |
+----+---------------------+


附、可能遇到的报错

1、烦人的警告信息

[root@Node1 ~]# nova p_w_picpath-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

需要5以上的版本的gmp:

解决方法:下载gmp 5以上的版本,编译安装

# ./configure 

# make

# make check

# make install


# yum install python-devel

# yum install python-pip -y

# pip install --ignore-installed PyCrypto

# service openstack-keystone restart


2、在配置Computer service时,启动openstack-nova-novncproxy时无法正常启动。

[root@controller ~]# service openstack-nova-novncproxy start
Starting openstack-nova-novncproxy:                        [  OK  ]
[root@controller ~]# service openstack-nova-novncproxy status
openstack-nova-novncproxy dead but pid file exists

然后改用手动启动服务,依旧不行,报错信息如下:

[root@controller ~]# /usr/bin/python /usr/bin/nova-novncproxy --web /usr/share/novnc/
Traceback (most recent call last):
  File "/usr/bin/nova-novncproxy", line 10, in 
    sys.exit(main())
  File "/usr/lib/python2.6/site-packages/nova/cmd/novncproxy.py", line 87, in main
    wrap_cmd=None)
  File "/usr/lib/python2.6/site-packages/nova/console/websocketproxy.py", line 47, in __init__
    ssl_target=None, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/websockify/websocketproxy.py", line 231, in __init__
    websocket.WebSocketServer.__init__(self, RequestHandlerClass, *args, **kwargs)
TypeError: __init__() got an unexpected keyword argument 'no_parent'

        查阅了相关信息后发现是由于python-websockify的版本导致的,openstack-icehouse需要的python-websockify版本<=0.5.1,但是在安装时默认使用了epel源中的0.6.0版本。配置好icehouse的源后,对该软件包进行降级即可。

[root@controller ~]# yum list | grep websockify
python-websockify.noarch                    0.5.1-1.el6                  @openstack-icehouse
python-websockify.noarch                    0.6.0-3.el6                  epel
[root@controller ~]# yum downgrade python-websockify-0.5.1-1.el6.noarch