Building a Private Cloud with OpenStack Rocky! (4)

Continuing from the previous post, this part installs and configures Nova (for the controller node).

Environment

Software

  • Ubuntu 18.04.1 Server 64bit
  • OpenStack Rocky

Hardware

Note: a virtual machine also worked.

  • CPU x2
  • MEM 8G
  • SSD 30G
  • 2 NICs

IP layout

  • Controller (vm-nfj-osctrln1)
      • Public (external): 10.1.55.11/16
      • Management (internal): 10.2.55.11/16
  • Compute (vm-nfj-oscomp1)
      • Public (external): 10.1.55.21/16
      • Management (internal): 10.2.55.21/16

Creating the databases

Create four databases in total: nova_api, nova, nova_cell0, and placement.

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 164918
Server version: 10.1.37-MariaDB-1~xenial mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.02 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.02 sec)

Setting database access privileges

nova_api

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

nova

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

nova_cell0

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
    ->   IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)

placement

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
    ->   IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
    ->   IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'10.1.0.0/16' IDENTIFIED BY 'PLACEMENT_DBPASS';
 
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'10.2.0.0/16' IDENTIFIED BY 'PLACEMENT_DBPASS';
 
Query OK, 0 rows affected (0.01 sec)
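The Host values granted above can be checked against the way MariaDB compares an account's Host with a client address: it accepts % and _ wildcards and the base_ip/netmask form, but a CIDR suffix such as /16 is compared as a literal string. The following is an added example, not part of the original post: a simplified Python model (IP comparison only, no reverse-DNS names) showing that the two /16 entries never match and that '%' is the entry that admits the compute node, along with every other address. The function names and the SCOPED_HOSTS alternative are assumptions.

```python
import ipaddress
import re

def is_dotted_quad(text):
    """True if text is a full a.b.c.d IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def host_matches(host, client_ip):
    """Simplified model: does an account Host value accept this client IP?"""
    base, slash, mask = host.partition("/")
    if slash and is_dotted_quad(base) and is_dotted_quad(mask):
        # base_ip/netmask form: (client & netmask) must equal base_ip.
        m = int(ipaddress.IPv4Address(mask))
        return (int(ipaddress.IPv4Address(client_ip)) & m) == int(ipaddress.IPv4Address(base))
    # Otherwise the value is a string pattern: % = any run, _ = one character.
    pattern = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in host)
    return re.fullmatch(pattern, client_ip) is not None

def classify(host):
    """Label a Host value for review."""
    base, slash, mask = host.partition("/")
    if host == "%":
        return "any-address"
    if slash and not is_dotted_quad(mask):
        return "dead-entry"  # e.g. /16: not a netmask, so compared as a literal string
    return "scoped"

def matching_hosts(hosts, client_ip):
    """Host values from the list that would accept this client IP."""
    return [h for h in hosts if host_matches(h, client_ip)]

# Host values granted on this page for the nova and placement accounts.
PAGE_HOSTS = ["localhost", "%", "10.1.0.0/16", "10.2.0.0/16"]
# Assumption: the services only need the management network (10.2.0.0/16).
SCOPED_HOSTS = ["localhost", "10.2.0.0/255.255.0.0"]

if __name__ == "__main__":
    for label, hosts in (("page", PAGE_HOSTS), ("scoped", SCOPED_HOSTS)):
        print(label, {h: classify(h) for h in hosts})
        # 10.2.55.21 is the compute node; 192.0.2.10 is a constructed outside address.
        for ip in ("10.2.55.21", "192.0.2.10"):
            print("  ", ip, "accepted by", matching_hosts(hosts, ip))
```

On a live server, the same review starts from SELECT user, host FROM mysql.user; and feeds the host column to classify().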

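Creating the users

Set the environment variables in the CLI for access with administrator (admin) privileges.

$ . admin-openrc

Create the nova user

You are prompted for a password; enter NOVA_PASS (anything works, but forgetting it is a hassle, so this value is used for convenience).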

$ openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c804864020704ad993892e6dadf4c9a6 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the nova user

$ openstack role add --project service --user nova admin

Create the nova service entry

$ openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute API service endpoints

Create one each for public, internal, and admin.

$ openstack endpoint create --region Tokyo compute public http://vm-nfj-osctrln1:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4295f1356b254bb491dd3527d3cf8ebf |
| interface    | public                           |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://vm-nfj-osctrln1:8774/v2.1 |
+--------------+----------------------------------+

$ openstack endpoint create --region Tokyo compute internal http://vm-nfj-osctrln1:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 07d4cc3c039d4fd68845b67d318e4acd |
| interface    | internal                         |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://vm-nfj-osctrln1:8774/v2.1 |
+--------------+----------------------------------+

$ openstack endpoint create --region Tokyo compute admin http://vm-nfj-osctrln1:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | aaad2aeef2a140298e1ed606f3f2c776 |
| interface    | admin                            |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://vm-nfj-osctrln1:8774/v2.1 |
+--------------+----------------------------------+

Creating the Placement service

Use PLACEMENT_PASS as the password.

$ openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 0c76eea79d6644aab8966bc0ba5022c9 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the placement user to the service project with the admin role

$ openstack role add --project service --user placement admin

Add the Placement API entry to the service catalog

$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 07e3c4ab11d34b338297d41467c35c3e |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

Create the Placement API service endpoints

Create the public, internal, and admin endpoints.

$ openstack endpoint create --region Tokyo  placement public http://vm-nfj-osctrln1:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 86d3b83e6e72416db0a1e790fda53092 |
| interface    | public                           |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 07e3c4ab11d34b338297d41467c35c3e |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://vm-nfj-osctrln1:8778      |
+--------------+----------------------------------+

$ openstack endpoint create --region Tokyo placement internal http://vm-nfj-osctrln1:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 15d6b04dff964d8395c7ca6e4cfe55d5 |
| interface    | internal                         |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 07e3c4ab11d34b338297d41467c35c3e |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://vm-nfj-osctrln1:8778      |
+--------------+----------------------------------+

$ openstack endpoint create --region Tokyo placement admin http://vm-nfj-osctrln1:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8f95b61167c7424aa84bdaf8dfea3eae |
| interface    | admin                            |
| region       | Tokyo                            |
| region_id    | Tokyo                            |
| service_id   | 07e3c4ab11d34b338297d41467c35c3e |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://vm-nfj-osctrln1:8778      |
+--------------+----------------------------------+

Installing and configuring the nova components on the controller node

Install the packages

$ sudo apt install nova-api nova-conductor nova-novncproxy nova-scheduler nova-placement-api

Configure the nova components

Edit /etc/nova/nova.conf.

[api_database] section

NOVA_DBPASS is the nova user's password, and 10.2.2.90 is the IP address of the MySQL server.

[api_database]
#connection = sqlite:////var/lib/nova/nova_api.sqlite
connection = mysql+pymysql://nova:NOVA_DBPASS@10.2.2.90/nova_api

[database] section

NOVA_DBPASS is the nova user's password, and 10.2.2.90 is the IP address of the MySQL server.

[database]
#connection = sqlite:////var/lib/nova/nova.sqlite
connection = mysql+pymysql://nova:NOVA_DBPASS@10.2.2.90/nova

[placement_database] section

PLACEMENT_DBPASS is the placement user's password, and 10.2.2.90 is the IP address of the MySQL server.

[placement_database]
#
# The *Placement API Database* is a separate database which can be used with the
# placement service. This database is optional: if the connection option is not
# set, the nova api database will be used instead.

#
# From nova.conf
#

# The SQLAlchemy connection string to use to connect to the database. (string
# value)
#connection =
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@10.2.2.90/placement

[DEFAULT] section

Comment out log_dir. RABBIT_PASS is the password of the openstack user in RabbitMQ. Set my_ip to the management IP address of the controller node. On compute nodes the firewall driver is enabled by default, so nova.virt.firewall.NoopFirewallDriver must be set to disable it. For details on configuring the [neutron] section, see the Networking service install guide: https://docs.openstack.org/neutron/rocky/install/compute-install-ubuntu.html#configure-the-compute-service-to-use-the-networking-service

[DEFAULT]
#log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova
transport_url = rabbit://openstack:RABBIT_PASS@vm-nfj-osctrln1
my_ip = 10.2.55.11
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api] section

Use keystone for authentication.

[api]
#
# Options under this group are used to define Nova API.

#
# From nova.conf
#

#
# This determines the strategy to use for authentication: keystone or noauth2.
# 'noauth2' is designed for testing only, as it does no actual credential
# checking. 'noauth2' provides administrative credentials only if 'admin' is
# specified as the username.
#  (string value)
# Possible values:
# keystone -
# noauth2 -
#auth_strategy = keystone
auth_strategy = keystone

[keystone_authtoken] section

Add the keystone-related settings. NOVA_PASS is the nova user's password.

[keystone_authtoken]
auth_url = http://vm-nfj-osctrln1:5000/v3
memcached_servers = vm-nfj-osctrln1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[vnc] section

The VNC proxy settings take the value of $my_ip, the management IP address set in the [DEFAULT] section.

[vnc]
#
# Virtual Network Computer (VNC) can be used to provide remote desktop
# console access to instances for tenants and/or administrators.
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance] section

Set api_servers to the controller node.

[glance]
# Configuration options for the Image service

#
# From nova.conf
#

#
# List of glance api servers endpoints available to nova.
#
# https is used for ssl-based glance api servers.
#
# NOTE: The preferred mechanism for endpoint discovery is via keystoneauth1
# loading options. Only use api_servers if you need multiple endpoints and are
# unable to use a load balancer for some reason.
#
# Possible values:
#
# * A list of any fully qualified url of the form
# "scheme://hostname:port[/path]"
#   (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image").
#  (list value)
#api_servers =
api_servers = http://vm-nfj-osctrln1:9292

[oslo_concurrency] section

[oslo_concurrency]

#
# From oslo.concurrency
#

# Enables or disables inter-process locks. (boolean value)
#disable_process_locking = false

# Directory to use for lock files.  For security, the specified directory should
# only be writable by the user running the processes that need locking. Defaults
# to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
# path must be set. (string value)
#lock_path =
lock_path = /var/lib/nova/tmp

[placement] section

PLACEMENT_PASS is the placement user's password.

[placement]
os_region_name = openstack

region_name = Tokyo
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://vm-nfj-osctrln1:5000/v3
username = placement
password = PLACEMENT_PASS
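The settings above use documentation placeholders (NOVA_DBPASS, NOVA_PASS, RABBIT_PASS) as passwords and http:// URLs for Keystone and Glance, so a deployed nova.conf is worth checking for both before the services are restarted. The following audit is an added example, not part of the original post or of Nova; the function name, the finding labels and the constructed SAMPLE text (a subset of the values set on this page) are assumptions.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the values this page writes to /etc/nova/nova.conf.
SAMPLE = """\
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@vm-nfj-osctrln1
my_ip = 10.2.55.11
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@10.2.2.90/nova_api
[keystone_authtoken]
auth_url = http://vm-nfj-osctrln1:5000/v3
password = NOVA_PASS
[vnc]
server_listen = $my_ip
"""

# Install-guide style placeholders: NOVA_PASS, NOVA_DBPASS, RABBIT_PASS, ...
PLACEHOLDER = re.compile(r"[A-Z_]+PASS")

def audit_nova_conf(text):
    """Return (section, option, issue) tuples for risky nova.conf values."""
    # Raw parser: no %-interpolation. [DEFAULT] is read as an ordinary section
    # so its options are not copied into every other section.
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for option, value in cp.items(section):
            # A secret is either a password option or the password part of a URL.
            secret = value if option == "password" else (urlsplit(value).password or "")
            if PLACEHOLDER.fullmatch(secret):
                findings.append((section, option, "placeholder-secret"))
            if option in ("auth_url", "api_servers") and value.startswith("http://"):
                findings.append((section, option, "cleartext-http"))
            if option == "auth_strategy" and value == "noauth2":
                findings.append((section, option, "no-authentication"))
    return findings

if __name__ == "__main__":
    for finding in audit_nova_conf(SAMPLE):
        print(*finding)
```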

Sync the nova-api and placement databases

A long stream of log lines is printed.

$ sudo su -s /bin/sh -c "nova-manage api_db sync" nova
2018-11-17 11:05:42.187 1603 INFO migrate.versioning.api [-] 0 -> 1... 
2018-11-17 11:05:42.256 1603 INFO migrate.versioning.api [-] done
...
2018-11-17 11:05:46.255 1603 INFO migrate.versioning.api [-] 60 -> 61... 
2018-11-17 11:05:46.360 1603 INFO migrate.versioning.api [-] done
2018-11-17 11:05:46.499 1603 INFO migrate.versioning.api [-] 0 -> 1... 
2018-11-17 11:05:46.571 1603 INFO migrate.versioning.api [-] done
...
2018-11-17 11:05:51.665 1603 INFO migrate.versioning.api [-] 60 -> 61... 
2018-11-17 11:05:51.743 1603 INFO migrate.versioning.api [-] done

Register the cell0 database

$ sudo su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

Create the cell1 cell

$ sudo su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
d6d4e349-038e-409f-af7a-d39a896188da

Sync the nova database

A long stream of log lines is printed.

$ sudo su -s /bin/sh -c "nova-manage db sync" nova
2018-11-17 11:11:37.555 7589 INFO migrate.versioning.api [req-fd1ddac8-4d63-471a-bfe9-84886d6c7b4d - - - - -] done

Verify that cell0 and cell1 are registered in nova

$ sudo su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
|  Name |                 UUID                 |              Transport URL              |              Database Connection               | Disabled |
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |                  none:/                 | mysql+pymysql://nova:****@10.2.2.90/nova_cell0 |  False   |
| cell1 | d6d4e349-038e-409f-af7a-d39a896188da | rabbit://openstack:****@vm-nfj-osctrln1 |    mysql+pymysql://nova:****@10.2.2.90/nova    |  False   |
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+

Restart the nova services

$ sudo service nova-api restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart

Next time: installing nova on the compute node.
