openstack 管理三十一 - rpm 方式部署 openstack [nova]

    xiaoxiao2026-04-24  8

    作用

    1. 响应云主机请求, 并把连接调度至对应的 compute 节点; 2. 提供 console 认证服务; 3. 提供 vnc 访问云主机功能

    软件安装

    # Install the nova services, the VNC proxy/console packages and the helper
    # tools used by the rest of this page (run as root).
    nova_packages=(
      openstack-nova-api
      openstack-nova-compute
      openstack-nova-conductor
      openstack-nova-scheduler
      python-cinderclient
      openstack-utils
      openstack-nova-novncproxy
      openstack-nova-console
    )
    yum install -y "${nova_packages[@]}"

    配置 vnc 服务

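    # Configure nova's VNC console services in /etc/nova/nova.conf (run as root).
    # Fixed relative to the page: the first command carried a duplicated
    # "openstack-config --set ... DEFAULT" prefix, "vpvncproxy_port" was missing
    # its leading "x", and the two novncproxy_* settings used key=value instead
    # of the "key value" form every other command here uses.
    # NOTE(review): the duplicated prefix suggests a setting may have been lost
    # at that spot (possibly novncproxy_base_url) - confirm against a working
    # nova.conf.
    # NOTE(review): every listener binds to 0.0.0.0 (all interfaces) and the
    # console URL is plain http. Restrict ports 6080/6081 and the guests' VNC
    # ports to the management network, or bind to a specific address.
    # NOTE(review): xvpvncproxy_base_url is handed to console clients and
    # vncserver_proxyclient_address is where the proxy connects; 0.0.0.0 is
    # presumably a stand-in for the node's reachable address - confirm.
    openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_base_url http://0.0.0.0:6081/console
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 0.0.0.0
    openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled true
    openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_port 6081
    openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_host 0.0.0.0
    openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_host 0.0.0.0
    openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_port 6080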

    配置 keystone 验证

    # Make nova validate API tokens against keystone (run as root).
    # NOTE(review): auth_protocol and auth_uri are plain http, so tokens and the
    # service credentials cross the network unencrypted, and admin_password is
    # identical to the account name. Treat both as lab values: use a unique
    # secret and a TLS endpoint on any shared deployment.
    # NOTE(review): the password is passed on the command line and ends up in
    # shell history; both files below then hold it in cleartext, so keep them
    # readable only by root and the nova account.
    nova_conf=/etc/nova/nova.conf
    paste_ini=/etc/nova/api-paste.ini

    openstack-config --set "$nova_conf" DEFAULT auth_strategy keystone

    # Each entry is "<option> <value>"; none of the values contain spaces.
    authtoken_opts=(
      "auth_host 240.10.130.25"
      "auth_port 35357"
      "auth_protocol http"
      "auth_uri http://240.10.130.25:5000/"
      "admin_user nova"
      "admin_password nova"
      "admin_tenant_name service"
    )
    for opt in "${authtoken_opts[@]}"; do
      openstack-config --set "$nova_conf" keystone_authtoken "${opt%% *}" "${opt#* }"
    done

    paste_opts=(
      "auth_host 240.10.130.25"
      "admin_tenant_name service"
      "admin_user nova"
      "admin_password nova"
      "paste.filter_factory keystoneclient.middleware.auth_token:filter_factory"
    )
    for opt in "${paste_opts[@]}"; do
      openstack-config --set "$paste_ini" filter:authtoken "${opt%% *}" "${opt#* }"
    done

    nova 连接 glance

    # Tell nova where the glance image service lives (run as root).
    # NOTE(review): glance_protocol is http, so images are fetched over an
    # unencrypted channel; keep this traffic on a trusted management network.
    set_glance_opt() {
      openstack-config --set /etc/nova/nova.conf DEFAULT "$1" "$2"
    }

    set_glance_opt glance_host 10.199.130.25
    set_glance_opt glance_port 9292
    set_glance_opt glance_protocol http
    set_glance_opt glance_api_servers 10.199.130.25:9292
    set_glance_opt image_service nova.image.glance.GlanceImageService

    nova 连接 rabbitmq

    # Connect nova to the RabbitMQ message bus (run as root).
    # NOTE(review): rabbit_password is stored in cleartext in nova.conf and is
    # visible in shell history when set this way; use a per-deployment secret
    # and keep nova.conf readable only by root and the nova account.
    # NOTE(review): no TLS option is set here, so RPC traffic to port 5672 is
    # presumably unencrypted - keep it on the management network.
    nova_conf=/etc/nova/nova.conf
    rabbit_opts=(
      "rpc_backend rabbit"
      "rabbit_host 240.10.130.25"
      "rabbit_port 5672"
      "rabbit_userid nova"
      "rabbit_password openstack"
    )
    for opt in "${rabbit_opts[@]}"; do
      openstack-config --set "$nova_conf" DEFAULT "${opt%% *}" "${opt#* }"
    done

    设定虚拟云主机超配

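    # Set the scheduler's overcommit ratios and host reservations (run as root).
    # Fixed relative to the page: the settings were written as key=value in a
    # single argument; openstack-config takes the option name and the value as
    # separate arguments, as in every other section of this page.
    # NOTE(review): reserved_host_disk_mb 0 leaves no disk headroom for the
    # host itself - confirm that is intended.
    openstack-config --set /etc/nova/nova.conf DEFAULT cpu_allocation_ratio 16.0
    openstack-config --set /etc/nova/nova.conf DEFAULT ram_allocation_ratio 1.5
    openstack-config --set /etc/nova/nova.conf DEFAULT reserved_host_memory_mb 1024
    openstack-config --set /etc/nova/nova.conf DEFAULT reserved_host_disk_mb 0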

    nova 节点启用 metadata-proxy 连接 metadata

    # Enable the metadata API on the nova node and pair it with neutron's
    # metadata proxy (run as root).
    # NOTE(review): neutron_metadata_proxy_shared_secret authenticates proxied
    # metadata requests; the value printed here is public, so generate your own
    # and set the same value on the neutron metadata agent.
    # NOTE(review): metadata_listen 0.0.0.0 accepts connections on every
    # interface; limit access to the node(s) running the metadata proxy.
    nova_default() {
      openstack-config --set /etc/nova/nova.conf DEFAULT "$1" "$2"
    }

    nova_default enabled_apis ec2,osapi_compute,metadata
    nova_default metadata_listen 0.0.0.0
    nova_default metadata_workers 24
    nova_default rootwrap_config /etc/nova/rootwrap.conf
    nova_default use_forwarded_for False
    nova_default service_neutron_metadata_proxy True
    nova_default neutron_metadata_proxy_shared_secret 744ee65672684281
    nova_default neutron_default_tenant_id default
    nova_default metadata_host 240.10.130.30

    nova 连接 neutron

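    # Hand networking and security groups over to neutron (run as root).
    # Fixed relative to the page: the last command read
    # "firewall_drivernova.virt.firewall.NoopFirewallDriver" with the space
    # between option name and value missing, so no firewall_driver was set.
    # NOTE(review): NoopFirewallDriver means nova itself applies no packet
    # filtering; with security_group_api neutron the security-group rules are
    # expected to be enforced on the neutron side - verify that they are.
    # NOTE(review): neutron_admin_password equals the account name and the
    # neutron/keystone URLs are plain http; use a unique secret and TLS
    # endpoints outside a lab.
    openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://240.10.130.29:9696/
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://240.10.130.25:35357/v2.0
    openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver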

    指定 libvirt 连接驱动

    # Select the libvirt VIF driver in the [libvirt] section of nova.conf.
    vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
    openstack-config --set /etc/nova/nova.conf libvirt vif_driver "$vif_driver"

    支持 ovs 网络 plugin

    # Writes libvirt/vif_driver to nova.conf.
    # NOTE(review): this is the same command the page gives under the libvirt
    # driver heading; re-running it is harmless, but an OVS-specific setting
    # may have been intended here - confirm.
    nova_conf=/etc/nova/nova.conf
    openstack-config --set "$nova_conf" libvirt vif_driver \
      nova.virt.libvirt.vif.LibvirtGenericVIFDriver

    nova 连接 db

    # Point nova at its MySQL database.
    # NOTE(review): the connection URL embeds the database password, which is
    # then stored in cleartext in nova.conf and recorded in shell history.
    # Use a per-deployment password and keep nova.conf readable only by root
    # and the nova account.
    db_url=mysql://nova:openstack@240.10.130.25/nova
    openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection "$db_url"

    初始化数据

    当数据库配置成功, 则下面命令能够在数据库上产生 108 个表

    # Create the nova schema, running the migration as the nova account
    # rather than as root.
    service_account=nova
    sudo -u "$service_account" nova-manage db sync

    服务启动

    # Restart the console, bus, libvirt and nova control services in the
    # order the page lists them (run as root).
    for svc in \
      openstack-nova-consoleauth \
      openstack-nova-novncproxy \
      messagebus \
      libvirtd \
      openstack-nova-api \
      openstack-nova-scheduler \
      openstack-nova-conductor; do
      service "$svc" restart
    done

    创建防火墙

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova agent-list
    +----------+------------+----+--------------+---------+---------+-----+
    | Agent_id | Hypervisor | OS | Architecture | Version | Md5hash | Url |
    +----------+------------+----+--------------+---------+---------+-----+
    +----------+------------+----+--------------+---------+---------+-----+

    检测服务状态

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova service-list
    +------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+
    | Binary           | Host                              | Zone     | Status  | State | Updated_at                 | Disabled Reason |
    +------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+
    | nova-consoleauth | hh-yun-compute-130030.vclound.com | internal | enabled | up    | 2014-10-11T02:36:15.000000 | -               |
    | nova-scheduler   | hh-yun-compute-130030.vclound.com | internal | enabled | up    | 2014-10-11T02:36:16.000000 | -               |
    | nova-conductor   | hh-yun-compute-130030.vclound.com | internal | enabled | up    | 2014-10-11T02:36:16.000000 | -               |
    | nova-compute     | hh-yun-compute-130030.vclound.com | nova     | disabled| down  | 2014-10-11T02:36:16.000000 | -               |
    +------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+

    检测网络

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova network-list
    +--------------------------------------+---------+------+
    | ID                                   | Label   | Cidr |
    +--------------------------------------+---------+------+
    | b26b81fc-bda9-4882-950c-614e9546bcd1 | ext_net | -    |
    +--------------------------------------+---------+------+

    检测安全组

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list
    +--------------------------------------+---------+-------------+
    | Id                                   | Name    | Description |
    +--------------------------------------+---------+-------------+
    | 9caa0d6f-c063-46f9-ab3b-845962ac836b | default | default     |
    +--------------------------------------+---------+-------------+

    检测规则

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules default
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    |             |           |         |           | default      |
    |             |           |         |           | default      |
    +-------------+-----------+---------+-----------+--------------+

    为 default 安全组添加规则

    # Add ICMP, SSH (tcp/22) and DNS (udp/53) ingress rules to the "default"
    # security group; the command output is discarded.
    # NOTE(review): 0.0.0.0/0 admits these protocols from any source address,
    # and rules in "default" apply to every instance launched without an
    # explicit group. Narrow the SSH source range to the admin network where
    # possible, and keep udp/53 only for instances that actually serve DNS.
    sec_group=default
    any_source=0.0.0.0/0

    nova secgroup-add-rule "$sec_group" icmp -1 -1 "$any_source" > /dev/null
    nova secgroup-add-rule "$sec_group" tcp 22 22 "$any_source" > /dev/null
    nova secgroup-add-rule "$sec_group" udp 53 53 "$any_source" > /dev/null

    验证

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules default
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    |             |           |         |           | default      |
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    | udp         | 53        | 53      | 0.0.0.0/0 |              |
    |             |           |         |           | default      |
    +-------------+-----------+---------+-----------+--------------+

    创建新的安全组

    # Create a dedicated security group and give it ICMP, SSH (tcp/22) and
    # DNS (udp/53) ingress rules; the command output is discarded.
    # NOTE(review): the description says "allow ping and ssh" but udp/53 is
    # opened as well, and every rule uses 0.0.0.0/0 (any source). Align the
    # description with the rules and narrow the source range where possible.
    new_group=terry_test_rule
    nova secgroup-create "$new_group" "allow ping and ssh" > /dev/null

    # Each entry is "<protocol> <from-port> <to-port>".
    for rule in "icmp -1 -1" "tcp 22 22" "udp 53 53"; do
      read -r proto from_port to_port <<< "$rule"
      nova secgroup-add-rule "$new_group" "$proto" "$from_port" "$to_port" 0.0.0.0/0 > /dev/null
    done

    验证

    [root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules terry_test_rule
    +-------------+-----------+---------+-----------+--------------+
    | IP Protocol | From Port | To Port | IP Range  | Source Group |
    +-------------+-----------+---------+-----------+--------------+
    | icmp        | -1        | -1      | 0.0.0.0/0 |              |
    | udp         | 53        | 53      | 0.0.0.0/0 |              |
    | tcp         | 22        | 22      | 0.0.0.0/0 |              |
    +-------------+-----------+---------+-----------+--------------+