Openstackコンポーネントの導入-Nova_Controller Nodeのインストールと構成
32217 ワード
目次
前文リスト
Openstackコンポーネントの導入-Overviewと前期環境準備Openstack構築導入-Environment of Control Node Openstackコンポーネントの導入-Keystone機能紹介と認証実装プロセスOpenstackコンポーネントの導入-Keystone Install&Create service entity and API endpoints Openstackコンポーネントの導入-keystone(domain,projects,users,and roles)Openstackコンポーネント実装原理-Keystone認証機能Openstack構築実装-Glance Install Openstackコンポーネント実装原理-Glanceアーキテクチャ(V 1/V 2)Openstackコンポーネント実装-Nova overview
Prerequisites前提条件
Before you install and configure the Compute service, you must create databases, service credentials, and API endpoints. Computeサービスをインストールして指定する前に、Computeサービスのデータベース、サービス証明書、API Endpointsを作成する必要があります.
To create the databases
Use the database access client to connect to the database server as the root user:rootユーザーを使用してMySQLにログイン
mysql -u root -pfanguijuCreate the
nova_api and nova databases:nova_apiとnovaの2つのデータベースを作成するMariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)Grant proper access to the databases:
novaおよびnova_apiデータベースを作成するユーザーnovaは、novaおよびnova_apiデータベースに対するnovaユーザーの完全な制御権限を付与します.GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'fanguiju';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'fanguiju';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'fanguiju';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'fanguiju';Example:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'fanguiju';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'fanguiju';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'fanguiju';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'fanguiju';
Query OK, 0 rows affected (0.00 sec)Exit the database access client
To create the service credentials
Source the admin credentials to gain access to admin-only CLI commands:admin環境変数スクリプトの実行
. admin-openrcCreate the nova user:novaユーザーの作成
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password: +-----------+----------------------------------+
| Field | Value | +-----------+----------------------------------+
| domain_id | 011fbf8c04f1479ab1a4e49b019b22d1 | | enabled | True | | id | 90a93575ebff4311a919d91db888938c | | name | nova | +-----------+----------------------------------+Add the admin role to the nova user:ProjectサービスのUser novaにRole adminを追加する
openstack role add --project service --user nova adminCreate the novaサービスentity:novaサービスエンティティの作成
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value | +-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 3af0ba8834ad4d57ae4b88774e62358b |
| name | nova |
| type | compute | +-------------+----------------------------------+Create the Compute service API endpoints
ComputeサービスのAPI Endpointsの作成
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller.jmilk.com:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------------+
| Field | Value |
+--------------+-----------------------------------------------------+
| enabled | True |
| id | 1a96143b3d6d46fc8fe17a70043b6448 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3af0ba8834ad4d57ae4b88774e62358b |
| service_name | nova |
| service_type | compute |
| url | http://controller.jmilk.com:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller.jmilk.com:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------------+
| Field | Value |
+--------------+-----------------------------------------------------+
| enabled | True |
| id | a2b2b6ebe6a3450dabdaf19d0ff00f97 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3af0ba8834ad4d57ae4b88774e62358b |
| service_name | nova |
| service_type | compute |
| url | http://controller.jmilk.com:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller.jmilk.com:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------------+
| Field | Value |
+--------------+-----------------------------------------------------+
| enabled | True |
| id | 33d0c267549f4ecd89c0063ad16c41df |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3af0ba8834ad4d57ae4b88774e62358b |
| service_name | nova |
| service_type | compute |
| url | http://controller.jmilk.com:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------------+Install and configure components
Install the packages
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -yEdit the /etc/nova/nova.conf file
In the
[DEFAULT] section,enable only the compute and metadata APIs:[DEFAULT]ノードでの有効化はcomputeとmetadata APIs vim/etc/nova/novaのみを許可するように構成する.conf [DEFAULT]
enabled_apis = osapi_compute,metadataIn the
[api_database] and [database] sections,configure database access:novaおよびnova_apiデータベースに接続されたアクセスプロトコルの構成[api_database]
connection = mysql+pymysql://nova:[email protected]/nova_api
[database]
connection = mysql+pymysql://nova:[email protected]/novaIn the
[DEFAULT] and [oslo_messaging_rabbit] sections,configure RabbitMQ message queue access:RabbitMQメッセージキューアクセスの構成[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller.jmilk.com
rabbit_userid = openstack
rabbit_password = fanguijuIn the
[DEFAULT] and [keystone_authtoken] sections,configure Identity service access:Identity service認証サービスの構成[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = fanguijuNote:Comment out or remove any other options in the [keystone_authtoken] section. 注記:[keystone_authtoken]ノードのすべてのパラメータオプションをコメントまたは削除します.
In the
[DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node:my_ipオプションをController Noteの管理インタフェースIP(Controller Node Host IP)に設定[DEFAULT]
my_ip = 192.168.1.5In the
[DEFAULT] section, enable support for the Networking service: [DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriverNote:By default, Compute uses an internal firewall driver. Since the Networking service includes a firewall driver, you must disable the Compute firewall driver by using the nova.virt.firewall.NoopFirewallDriver firewall driver. 注:デフォルトでは、Computeは
internal firewall driverを使用します.Networking serviceはfirewall driverを含んでいるので、nova.virt.firewall.NoopFirewallDriver firewall driverを通じてこのCompute firewall driverを閉じなければなりません.In the
[vnc] section,configure the VNC proxy to use the management interface IP address of the controller node:VNCdialing service Controller Nodeを使用した管理インタフェースIP(Controller Node Host IP)の構成[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ipIn the
[glance] section,configure the location of the Image service API:Image service APIを構成するURL[glance]
api_servers = http://controller.jmilk.com:9292In the [oslo_concurrency]* section, configure the lock path:*
[oslo_concurrency]
lock_path = /var/lib/nova/tmp一覧:
[root@controller ~]# cat /etc/nova/nova.conf | grep -v ^$ | grep -v ^#
[DEFAULT]
auth_strategy = keystone
rpc_backend = rabbit
my_ip = 192.168.1.5
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:[email protected]/nova_api
[barbican]
[cache]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://nova:[email protected]/nova
[ephemeral_storage_encryption]
[glance]
api_servers = http://controller.jmilk.com:9292
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller.jmilk.com:5000
auth_url = http://controller.jmilk.com:35357
memcached_servers = controller.jmilk.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = fanguiju
[libvirt]
[matchmaker_redis]
[metrics]
[neutron]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller.jmilk.com
rabbit_userid = openstack
rabbit_password = fanguiju
[oslo_middleware]
[oslo_policy]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[xenserver]Populate the Compute databases
Computeサービスの
novaおよびnova_apiデータベースの初期化su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" novaExample:
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'block_device_mapping_instance_uuid_virtual_name_device_name_idx' defined on the table 'nova.block_device_mapping'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'uniq_instances0uuid' defined on the table 'nova.instances'. This is deprecated and will be disallowed in a future release.
result = self._query(query)Note:Ignore any deprecation messages in this output. 注意:無効な出力情報はすべて無視されます.
novaデータベースとnova_apiデータベースが正常に作成されたかどうかを確認します.MariaDB [nova]> use nova
Database changed
MariaDB [nova]> show tables;
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| allocations |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_extra |
| instance_faults |
| instance_group_member |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| inventories |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| resource_provider_aggregates |
| resource_providers |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_extra |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| snapshot_id_mappings |
| snapshots |
| tags |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
+--------------------------------------------+
109 rows in set (0.00 sec)
MariaDB [nova]> use nova_api
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [nova_api]> show tables;
+--------------------+
| Tables_in_nova_api |
+--------------------+
| build_requests |
| cell_mappings |
| flavor_extra_specs |
| flavor_projects |
| flavors |
| host_mappings |
| instance_mappings |
| migrate_version |
| request_specs |
+--------------------+
9 rows in set (0.00 sec)Finalize installation
Computeサービスを起動し、起動自動起動サービスを構成する
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service