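Nova is the compute service in OpenStack. The entire lifecycle of a virtual machine instance in OpenStack, including creation, scheduling and deletion, is managed by the Nova service.
The Nova service consists of a set of components, including nova-api, nova-conductor, nova-scheduler, nova-compute and nova-novncproxy.
nova-scheduler: receives requests to create virtual machines and maps the creation request from nova-api to the server that OpenStack will schedule to run the instance. It makes scheduling decisions based on factors such as CPU architecture, availability zone, memory and load.
nova-api: exposes the external API for managing the internal infrastructure, for example starting and stopping instances.
nova-conductor: a component that sits between nova-compute and the database. nova-conductor was introduced for security reasons, to keep nova-compute from accessing the database directly; all database operations of nova-compute are carried out by nova-conductor.
nova-compute: manages the instance lifecycle. It receives requests through the message queue and performs the virtual-machine operations, which call the underlying hypervisor API, such as libvirt for KVM. nova-compute is installed on every compute node.
nova-novncproxy: provides the console service that lets end users access an instance console over VNC. If spice-server is used later, stop the nova-novncproxy service and use nova-spicehtml5proxy instead.
From the component overview above, Nova is clearly a very important core component; it has many submodules, so its configuration also becomes complex.
1. Connect to the database server as the root user using the database client: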
# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
2. Create the nova_api, nova and nova_cell0 databases
MariaDB [(none)]> CREATE DATABASE nova_api default character set utf8;
MariaDB [(none)]> CREATE DATABASE nova default character set utf8;
MariaDB [(none)]> CREATE DATABASE nova_cell0 default character set utf8;
3. Create the nova user and grant it full privileges on the nova, nova_api and nova_cell0 databases
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
4. Create the nova user
Interactive:
# openstack user create --domain default --password-prompt nova
Non-interactive:
# openstack user create --domain default --password=nova nova
5. Add the admin role to the nova user and the service project
# openstack role add --project service --user nova admin
6. Create the nova service entity
# openstack service create --name nova \
--description "OpenStack Compute" compute
7. Create the nova service API endpoints
# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
View them with the command
# openstack endpoint list
8. Install the nova packages (excluding nova-compute)
# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
9. Edit the configuration file /etc/nova/nova.conf
# cd /etc/nova/ && mv nova.conf nova.conf.source && cat nova.conf.source |grep -Ev "^#|^$" > nova.conf && chown root:nova nova.conf
# vim /etc/nova/nova.conf
In the [DEFAULT] section, enable only the compute and metadata APIs
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
In the [api_database] and [database] sections, configure database access
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
In the [DEFAULT] section, configure RabbitMQ message queue access
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller:5672/
Configure Identity service access
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
In the [DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node
[DEFAULT]
# ...
my_ip = 192.168.58.100
In the [DEFAULT] section, enable support for the Networking service
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
In the [glance] section, configure the location of the Image service API
[glance]
# ...
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
In the [placement] section, configure access to the Placement service
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
In the [scheduler] section, configure the interval for periodic discovery of compute nodes
[scheduler]
discover_hosts_in_cells_interval = 180
10. Sync the nova databases and verify
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# su -s /bin/sh -c "nova-manage db sync" nova
Note: ignore the warnings
Verify that cell0 and cell1 are registered correctly.
# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| 名称 | UUID | Transport URL | 数据库连接 | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 74ce73f7-addc-4d7d-88bc-4776bbdada63 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
11. Start the nova services and enable them to start at boot
# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Note: perform the following operations only after the nova compute nodes have been registered
Discover compute nodes
# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
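Whenever new compute nodes are added later, su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova must be run on the controller node to register them
Check the status of the compute service components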
# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | controller | internal | enabled | up | 2024-02-27T20:29:06.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2024-02-27T20:29:07.000000 |
| 5 | nova-compute | compute02 | nova | enabled | up | 2024-02-27T20:29:02.000000 |
| 6 | nova-compute | compute01 | nova | enabled | up | 2024-02-27T20:29:07.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
Disable a compute node
# openstack compute service set compute02 nova-compute --disable
Delete a compute node
# openstack compute service delete ID
List the API endpoints in the keystone service to verify connectivity with the Identity service.
# openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| nova | compute | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | |
| glance | image | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:5000/v3/ |
| | | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | |
| placement | placement | RegionOne |
| | | admin: http://controller:8778 |
| | | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
Check that Cells and the placement API are working properly
# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
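Summary:
nova: responsible for maintaining and managing the compute resources of the cloud environment
1. nova provides standardized services to components inside OpenStack
2. It also provides standardized services to related components outside OpenStack
3. nova-api can respond to any operation related to the virtual machine lifecycle
Controller node nova.conf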
[DEFAULT]
my_ip = 192.168.58.100
# my_ip = controller node IP
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:openstack@controller:5672/
enabled_apis = osapi_compute,metadata
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
discover_hosts_in_cells_interval = 180
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
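A check a defender can run against the finished file, added here as an example and not part of the original post: it flags passwords that equal the user name or are still install-guide placeholders (nova/nova, openstack:openstack and NOVA_DBPASS above), Keystone URLs over plain HTTP, and a file mode that lets other local users read the secrets (the "cat ... > nova.conf" in step 9 creates the file under the shell's umask, 0644 with umask 022). The function names, the weak-password rule and the embedded sample are assumptions made for this example.

```python
import configparser
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample: credential-bearing options copied from the nova.conf on this page.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller:5672/
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
auth_url = http://controller:5000/
username = nova
password = nova
"""

def weak(user, secret):
    """Assumed rule: empty, equal to the user name, or an install-guide placeholder."""
    return not secret or secret == user or secret.endswith(("_DBPASS", "_PASS"))

def audit(path):
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o007:
        findings.append(f"file mode {mode:04o}: 'other' users can access the credentials")
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read(path)  # default_section is renamed so [DEFAULT] is an ordinary section
    for name in cp.sections():
        opts = cp[name]
        for key in ("connection", "transport_url"):
            url = urlsplit(opts.get(key, ""))
            if key in opts and weak(url.username, url.password):
                findings.append(f"[{name}] {key}: weak password for {url.username}")
        if "password" in opts and weak(opts.get("username"), opts["password"]):
            findings.append(f"[{name}] password: weak password for {opts.get('username')}")
        if opts.get("auth_url", "").startswith("http://"):
            findings.append(f"[{name}] auth_url: Keystone credentials sent over plain HTTP")
    return findings

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".conf") as fh:
        fh.write(SAMPLE_CONF)
        fh.flush()
        os.chmod(fh.name, 0o644)  # what "> nova.conf" yields under umask 022
        return audit(fh.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real controller, call audit("/etc/nova/nova.conf"); an empty list means none of these checks fired.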