作用
1 响应云主机请求, 并把连接调度至对应的 compute 节点
2 提供 console 认证服务
3 提供 vnc 访问云主机功能
软件安装
# yum install -y openstack-nova-api openstack-nova-compute openstack-nova-conductor openstack-nova-scheduler python-cinderclient openstack-utils openstack-nova-novncproxy openstack-nova-console
配置 vnc 服务 (0.0.0.0 表示监听所有网卡, 生产环境建议改为管理网地址; xvpvncproxy_base_url 是返回给客户端的访问地址, 应填写客户端可达的代理地址)
# openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_base_url http://0.0.0.0:6081/console
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled true
# openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_port 6081
# openstack-config --set /etc/nova/nova.conf DEFAULT xvpvncproxy_host 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_host 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_port 6080
配置 keystone 验证 (示例中的 admin_password 与用户名相同, 且 auth_protocol 为 http, 仅适用于测试环境; 生产环境应使用强密码并启用 https)
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 240.10.130.25
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://240.10.130.25:5000/
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/api-paste.ini filter:authtoken auth_host 240.10.130.25
# openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_tenant_name service
# openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_user nova
# openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_password nova
# openstack-config --set /etc/nova/api-paste.ini filter:authtoken paste.filter_factory keystoneclient.middleware.auth_token:filter_factory
nova 连接 glance
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host 10.199.130.25
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_port 9292
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_protocol http
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_api_servers 10.199.130.25:9292
# openstack-config --set /etc/nova/nova.conf DEFAULT image_service nova.image.glance.GlanceImageService
nova 连接 rabbitmq
# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 240.10.130.25
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_port 5672
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_userid nova
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password openstack
设定虚拟云主机超配
# openstack-config --set /etc/nova/nova.conf DEFAULT cpu_allocation_ratio 16.0
# openstack-config --set /etc/nova/nova.conf DEFAULT ram_allocation_ratio 1.5
# openstack-config --set /etc/nova/nova.conf DEFAULT reserved_host_memory_mb 1024
# openstack-config --set /etc/nova/nova.conf DEFAULT reserved_host_disk_mb 0
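nova 节点启用 metadata-proxy 连接 metadata (neutron_metadata_proxy_shared_secret 必须与 neutron metadata agent 中的 metadata_proxy_shared_secret 保持一致, 并应使用随机生成的值)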
# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis ec2,osapi_compute,metadata
# openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT metadata_workers 24
# openstack-config --set /etc/nova/nova.conf DEFAULT rootwrap_config /etc/nova/rootwrap.conf
# openstack-config --set /etc/nova/nova.conf DEFAULT use_forwarded_for False
# openstack-config --set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy True
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret 744ee65672684281
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_default_tenant_id default
# openstack-config --set /etc/nova/nova.conf DEFAULT metadata_host 240.10.130.30
nova 连接 neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://240.10.130.29:9696/
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://240.10.130.25:35357/v2.0
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
指定 libvirt 连接驱动
openstack-config --set /etc/nova/nova.conf libvirt vif_driver nova.virt.libvirt.vif.LibvirtGenericVIFDriver
支持 ovs 网络 plugin
openstack-config --set /etc/nova/nova.conf libvirt vif_driver nova.virt.libvirt.vif.LibvirtGenericVIFDriver
nova 连接 db
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:openstack@240.10.130.25/nova
初始化数据
数据库配置成功后, 下面的命令会在数据库中创建 108 张表
sudo -u nova nova-manage db sync
服务启动
# service openstack-nova-consoleauth restart
# service openstack-nova-novncproxy restart
# service messagebus restart
# service libvirtd restart
# service openstack-nova-api restart
# service openstack-nova-scheduler restart
# service openstack-nova-conductor restart
创建防火墙
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova agent-list
+----------+------------+----+--------------+---------+---------+-----+
| Agent_id | Hypervisor | OS | Architecture | Version | Md5hash | Url |
+----------+------------+----+--------------+---------+---------+-----+
+----------+------------+----+--------------+---------+---------+-----+
检测服务状态
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova service-list
+------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+
| nova-consoleauth | hh-yun-compute-130030.vclound.com | internal | enabled | up | 2014-10-11T02:36:15.000000 | - |
| nova-scheduler | hh-yun-compute-130030.vclound.com | internal | enabled | up | 2014-10-11T02:36:16.000000 | - |
| nova-conductor | hh-yun-compute-130030.vclound.com | internal | enabled | up | 2014-10-11T02:36:16.000000 | - |
| nova-compute | hh-yun-compute-130030.vclound.com | nova | disabled| down | 2014-10-11T02:36:16.000000 | - |
+------------------+-----------------------------------+----------+---------+-------+----------------------------+-----------------+
检测网络
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova network-list
+--------------------------------------+---------+------+
| ID | Label | Cidr |
+--------------------------------------+---------+------+
| b26b81fc-bda9-4882-950c-614e9546bcd1 | ext_net | - |
+--------------------------------------+---------+------+
检测安全组
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| 9caa0d6f-c063-46f9-ab3b-845962ac836b | default | default |
+--------------------------------------+---------+-------------+
检测规则
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | | | | default |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+
为 default 安全组添加规则 (示例对 0.0.0.0/0 开放 icmp、tcp 22 和 udp 53; 生产环境应把来源地址限制为实际需要的网段)
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 > /dev/null
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 > /dev/null
# nova secgroup-add-rule default udp 53 53 0.0.0.0/0 > /dev/null
验证
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| | | | | default |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| udp | 53 | 53 | 0.0.0.0/0 | |
| | | | | default |
+-------------+-----------+---------+-----------+--------------+
创建新的安全组
# nova secgroup-create terry_test_rule "allow ping and ssh" > /dev/null
# nova secgroup-add-rule terry_test_rule icmp -1 -1 0.0.0.0/0 > /dev/null
# nova secgroup-add-rule terry_test_rule tcp 22 22 0.0.0.0/0 > /dev/null
# nova secgroup-add-rule terry_test_rule udp 53 53 0.0.0.0/0 > /dev/null
验证
[root@hh-yun-compute-130025 ~(keystone_admin)]# nova secgroup-list-rules terry_test_rule
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| udp | 53 | 53 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+