openstack迁移总汇
目录
1 热迁移之block-migration
1.1 查看物理主机CPU
1.2 修改hosts文件
1.3 开启热迁移
1.4 修改防火墙
1.5 virsh测试是否可以连通对端机器
1.5.1 方法1
1.5.2 方法2
1.6 迁移情况
1.7 下面的作为参考
1.7.1 主机
1.7.2 各节点之间nova账号无密码访问
1.7.3 可选操作
1.8 注意事项
1.8.1 事项1
1.8.2 事项2
2 冷迁移
2.1 方法1
2.1.1 在YUN-19上,修改数据库
2.1.2 实例文件拷贝
2.1.3 查看文件
2.1.4 新建与迁移的实例关联的网桥
2.2 方法2
2.2.1 转换镜像格式
2.2.2 查看镜像信息
2.2.3 几种镜像格式的比较:
2.2.4 注意事项
2.2.5 把镜像disk4拷贝到YUN-19上
2.2.6 linux实例做迁移
2.2.7 补充一
2.2.8 补充二
3 参考文档
# cat /proc/cpuinfo |grep name |cut -f2 -d:|uniq -c
YUN-11、YUN-12(主机名)
32 Intel(R) Xeon(R) CPU E5-2640 v2 @ 2.00GHz
YUN-13、YUN-14
64 Intel(R) Xeon(R) CPU E7- 4830 @ 2.13GHz
test-compute
8 Intel(R) Xeon(R) CPU E5-2407 0 @ 2.20GHz
还有后来添加的主机YUN-17
192 Intel(R) Xeon(R) CPU E7-8850 v2 @ 2.30GHz
(每个迁移涉及的节点上都做此操作)
# vi /etc/hosts
添加
192.168.0.11 YUN-11
192.168.0.12 YUN-12
192.168.0.13 YUN-13
192.168.0.14 YUN-14
192.168.0.126 test-compute
192.168.0.17 YUN-17
(每个迁移涉及的节点上都做此操作)
# vi /etc/nova/nova.conf
# Migration flags to be set for live migration (string value)
#live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER
to
# Migration flags to be set for live migration (string value)
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_UNSAFE
# vi /etc/sysconfig/iptables
修改之前的防火墙配置
YUN-11防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.11" -j ACCEPT
YUN-12防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.13" -j ACCEPT
YUN-13防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.13" -j ACCEPT
YUN-14的防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.14" -j ACCEPT
测试机的防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.126" -j ACCEPT
YUN-17的防火墙
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 5900:5999,16509 -m comment --comment "001 nova compute incoming nova_compute" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.17" -j ACCEPT
修改之后的防火墙配置
YUN-11
添加
# by sxzhou-
A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.13" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.14" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.126" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.11_192.168.0.17" -j ACCEPT
YUN-12
添加
# by sxzhou
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.11" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.14" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.126" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.12_192.168.0.17" -j ACCEPT
YUN-13
添加
# by sxzhou
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.11" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.14" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.126" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.13_192.168.0.17" -j ACCEPT
YUN-14
添加
# by sxzhou -A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.11" -j ACCEPT
-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.13" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.126" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.14_192.168.0.17" -j ACCEPT
测试机
添加
# by sxzhou
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.11" -j ACCEPT
-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.13" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.14" -j ACCEPT
-A INPUT -s 192.168.0.17/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.126_192.168.0.17" -j ACCEPT
YUN-17
添加
# by sxzhou
-A INPUT -s 192.168.0.11/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.11" -j ACCEPT
-A INPUT -s 192.168.0.12/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.12" -j ACCEPT
-A INPUT -s 192.168.0.13/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.13" -j ACCEPT
-A INPUT -s 192.168.0.14/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.14" -j ACCEPT
-A INPUT -s 192.168.0.126/32 -p tcp -m multiport --dports 16509,49152:49215 -m comment --comment "001 nova qemu migration incoming nova_qemu_migration_192.168.0.17_192.168.0.126" -j ACCEPT
保存退出后记得重启防火墙的服务
(要测试其余每台机器)
两种测试方式:
以YUN-11为例,测试与YUN-12的连通性
在YUN-11主机上
virsh # connect qemu+tcp://192.168.0.12/system
正常情况下将列出YUN-12上的实例
下面是异常情况
virsh # connect qemu+tcp://192.168.0.12/system
error: Failed to connect to the hypervisor
error: unable to connect to server at '192.168.0.13:16509': No route to host
异常情况的话就要查看上面所述的配置是否有误
# virsh
virsh # connect qemu+tcp://192.168.0.12/system
查看主机名确认
virsh # hostname
YUN-12
在dash中选择【管理员】-【实例】,在要迁移的主机后面点击下拉菜单,再点击“实例热迁移”,再选择“块迁移”
YUN-11可以迁移到YUN-12和YUN-17
YUN-12可以迁移到YUN-17
YUN-13可以迁移到YUN-12和test-compute
YUN-13可以迁移到YUN-12和test-compute
test-compute可以迁移到YUN-12
YUN-17不可以迁移
注:
其他机器无法迁移到YUN-11和YUN-13的原因是这两台机器的磁盘空间被超量使用
从上面的测试可以分析出各主机迁移CPU的优先级
YUN-17 < YUN-13、YUN-14 < YUN-126 < YUN-11、YUN-12
当迁移失败,并且在日志文件中查看到下面所示的出错信息时,就说明两台节点的物理资源不匹配
InvalidCPUInfo: Unacceptable CPU info: CPU doesn't have compatibility.
查看的日志主要有控制节点的/var/log/nova/api.log和计算节点的/var/log/nova/compute.log
在刚开始的迁移测试中,是这样的
操作对象:
主机IP 主机名 角色
192.168.0.11 YUN-11 控制节点
192.168.0.12 YUN-12 扩展节点
192.168.0.126 test-compute 测试机
注意:本测验是虽然以控制节点为例,但是每台涉及迁移的主机都要做操作
# usermod -s /bin/bash nova
# su nova
$ cd
$ ssh-keygen
$ touch .ssh/authorized_keys
以控制节点为例
$ scp root@192.168.0.12:/var/lib/nova/.ssh/id_rsa.pub .
$ cat id_rsa.pub >> .ssh/authorized_keys
$ scp root@192.168.0.126:/var/lib/nova/.ssh/id_rsa.pub .
$ cat id_rsa.pub >> .ssh/authorized_keys
之后两个扩展节点就能够利用nova用户无密码访问控制节点了
依照这种方法在其他节点做类似操作,最终就会实现各节点之间nova用户的无密码访问
【可选,确认即可】网上文档上做了修改,但是本集群按默认配置
如果希望可以在Dashboard里设置root的密码
inject_password=true
修改虚拟机配置,不需要迁移
allow_resize_to_same_host=true
(可选)
迁移和修改配置,不需要手工确认,1表示1秒的时间让你确认,如果没确认就继续
resize_confirm_window=1
重启服务
service openstack-nova-compute restart
所有的节点上修改nova.conf
live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_UNSAFE
开启热迁移功能
【确认即可,此处也按系统默认配置】
然后需要配置versh免密码连接,修改/etc/libvirt/libvirtd.conf
去掉注释
listen_tls = 0
listen_tcp = 1
去掉注释并修改值
auth_tcp = “none” # 注意这里必须设为none,否则需要认证。
测试下:
virsh --connect qemu+tcp://192.168.0.12/system list
virsh --connect qemu+tcp://192.168.0.126/system list
如果不需要输入用户名和密码就能够列出所有的虚拟机,则表示配置成功。
重启所有计算节点nova-compute libvirt-bin服务
此时就可以使用novaclient命令进行迁移,比如要把vm1从测试机迁移到YUN-12,则
nova live-migration --block-migrate vm1 YUN-12
注意选项--block-migrate是必要的,否则默认以共享存储的方式迁移,另外需要在控制节点做/etc/hosts文件主机名和IP的解析
测试迁移【事实证明防火墙不可以关闭】
测试迁移并没有成功,在关闭YUN-12和test-compute防火墙后再次测试,迁移成功。需要注意的是控制节点关闭防火墙失败
需要注意的是做热迁移的过程中发现,关闭各节点防火墙就可以做迁移(不做修改防火墙的步骤),但是整个集群出现异常,各节点不能够创建实例,所以对于各节点的防火墙不能关闭,只能做策略。
做nova用户无密码访问是否需要做还不太明确,在刚开始的测试中都是做的,就是上面提到的三台机器,不过在后来的试验中,不断有新加进来测试的机器都没有做,所以应该是不需要。