前回に引き続き Nova (コントローラーノード向け) のインストールと設定を行っていきます。
Contents
- 1 環境
- 2 DB テーブルの作成
- 3 DB アクセス権の設定
- 4 ユーザの作成
- 5 Placement サービスの作成
- 6 Placement ユーザを service プロジェクトと admin ロールに追加
- 7 Placement API エントリを service カタログに追加
- 8 Placement API サービスエンドポイントを作成
- 9 コントローラーノード上での nova コンポーネントのインストールと設定
- 10 nova 関連サービス再起動
環境
ソフト
- Ubuntu 18.04.1 Server 64bit
- Openstack Rocky
ハード
※仮想マシンでもいけました。
- CPUx2
- MEM 8G
- SSD 30G
- NIC 2 枚
IP 構成
- コントローラー ( vm-nfj-osctrln1 )
- 公開用 ( 外部 ):10.1.55.11/16
- 管理用 ( 内部 ):10.2.55.11/16
- コンピュート ( vm-nfj-oscomp1 )
- 公開用 ( 外部 ):10.1.55.21/16
- 管理用 ( 内部 ):10.2.55.21/16
DB テーブルの作成
nova_api, nova, nova_cell0, placement 計 4 つの DB を作成します。
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 164918 Server version: 10.1.37-MariaDB-1~xenial mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE nova_api; Query OK, 1 row affected (0.02 sec) MariaDB [(none)]> CREATE DATABASE nova; Query OK, 1 row affected (0.01 sec) MariaDB [(none)]> CREATE DATABASE nova_cell0; Query OK, 1 row affected (0.01 sec) MariaDB [(none)]> CREATE DATABASE placement; Query OK, 1 row affected (0.02 sec)
DB アクセス権の設定
nova_api
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
nova
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
nova_cell0
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'10.1.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'10.2.0.0/16' IDENTIFIED BY 'NOVA_DBPASS';
Query OK, 0 rows affected (0.01 sec)
placement
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
-> IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
-> IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'10.1.0.0/16' IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'10.2.0.0/16' IDENTIFIED BY 'PLACEMENT_DBPASS';
Query OK, 0 rows affected (0.01 sec)
ユーザの作成
管理者( admin )権限でアクセスするため CLI に環境変数を設定
$ . admin-openrc
ユーザ nova の作成
パスワードが聞かれるので NOVA_PASS と入力(なんでもいいけど忘れると面倒なので便宜上)
$ openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c804864020704ad993892e6dadf4c9a6 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
nova ユーザに admin ロールを追加
$ openstack role add --project service --user nova admin
nova サービスエントリを作成
$ openstack service create --name nova --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 | | name | nova | | type | compute | +-------------+----------------------------------+
Compute API サービスエンドポイントを作成
public, internal, admin 用にそれぞれ作成する
$ openstack endpoint create --region Tokyo compute public http://vm-nfj-osctrln1:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 4295f1356b254bb491dd3527d3cf8ebf | | interface | public | | region | Tokyo | | region_id | Tokyo | | service_id | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 | | service_name | nova | | service_type | compute | | url | http://vm-nfj-osctrln1:8774/v2.1 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo compute internal http://vm-nfj-osctrln1:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 07d4cc3c039d4fd68845b67d318e4acd | | interface | internal | | region | Tokyo | | region_id | Tokyo | | service_id | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 | | service_name | nova | | service_type | compute | | url | http://vm-nfj-osctrln1:8774/v2.1 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo compute admin http://vm-nfj-osctrln1:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | aaad2aeef2a140298e1ed606f3f2c776 | | interface | admin | | region | Tokyo | | region_id | Tokyo | | service_id | 2d0f0d0caf8f47fc9aa6c21ce62f0ab2 | | service_name | nova | | service_type | compute | | url | http://vm-nfj-osctrln1:8774/v2.1 | +--------------+----------------------------------+
Placement サービスの作成
PLACEMENT_PASSをパスワードとして利用
$ openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0c76eea79d6644aab8966bc0ba5022c9 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Placement ユーザを service プロジェクトと admin ロールに追加
$ openstack role add --project service --user placement admin
Placement API エントリを service カタログに追加
$ openstack service create --name placement --description "Placement API" placement +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Placement API | | enabled | True | | id | 07e3c4ab11d34b338297d41467c35c3e | | name | placement | | type | placement | +-------------+----------------------------------+
Placement API サービスエンドポイントを作成
public, internal, admin 用を作成します
$ openstack endpoint create --region Tokyo placement public http://vm-nfj-osctrln1:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 86d3b83e6e72416db0a1e790fda53092 | | interface | public | | region | Tokyo | | region_id | Tokyo | | service_id | 07e3c4ab11d34b338297d41467c35c3e | | service_name | placement | | service_type | placement | | url | http://vm-nfj-osctrln1:8778 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo placement internal http://vm-nfj-osctrln1:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 15d6b04dff964d8395c7ca6e4cfe55d5 | | interface | internal | | region | Tokyo | | region_id | Tokyo | | service_id | 07e3c4ab11d34b338297d41467c35c3e | | service_name | placement | | service_type | placement | | url | http://vm-nfj-osctrln1:8778 | +--------------+----------------------------------+ $ openstack endpoint create --region Tokyo placement admin http://vm-nfj-osctrln1:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 8f95b61167c7424aa84bdaf8dfea3eae | | interface | admin | | region | Tokyo | | region_id | Tokyo | | service_id | 07e3c4ab11d34b338297d41467c35c3e | | service_name | placement | | service_type | placement | | url | http://vm-nfj-osctrln1:8778 | +--------------+----------------------------------+
コントローラーノード上での nova コンポーネントのインストールと設定
パッケージのインストール
$ sudo apt install nova-api nova-conductor nova-novncproxy nova-scheduler nova-placement-api
nova コンポーネントの設定
/etc/nova/nova.conf を編集します
[api_database] セクション
NOVA_DBPASS が nova ユーザのパスワード、10.2.2.90 は mysql サーバーの IP です。
3469 [api_database] 3470 #connection = sqlite:////var/lib/nova/nova_api.sqlite 3471 connection = mysql+pymysql://nova:[email protected]/nova_api
[database] セクション
NOVA_DBPASS が nova ユーザのパスワード、10.2.2.90 は mysql サーバーの IP です。
4556 [database] 4557 #connection = sqlite:////var/lib/nova/nova.sqlite 4558 connection = mysql+pymysql://nova:[email protected]/nova
[placement_database] セクション
PCACEMENT_DBPASS が placement ユーザのパスワード、10.2.2.90 は mysql サーバーの IP です。
8950 [placement_database] 8951 # 8952 # The *Placement API Database* is a separate database which can be used with the 8953 # placement service. This database is optional: if the connection option is not 8954 # set, the nova api database will be used instead. 8955 8956 # 8957 # From nova.conf 8958 # 8959 8960 # The SQLAlchemy connection string to use to connect to the database. (string 8961 # value) 8962 #connection =8963 connection = mysql+pymysql://placement:[email protected]/placement
[DEFAULT] セクション
log_dir はコメントアウトしておく。RABBIT_PSSS は RabbitMQ の openstack ユーザパスワードです。my_ip にはコントローラーノードの管理用 IP アドレスを指定します。コンピュートノードでは、デフォルトでファイアウォールが有効となっているため、nove.virt.firewall.NoopFirewallDriver を設定し無効としておく必要があります。[neutron] セクションの設定に関する詳細は、Networking service install guide を参照してください。https://docs.openstack.org/neutron/rocky/install/compute-install-ubuntu.html#configure-the-compute-service-to-use-the-networking-service
1 [DEFAULT]
2 #log_dir = /var/log/nova
3 lock_path = /var/lock/nova
4 state_path = /var/lib/nova
5 transport_url = rabbit://openstack:[email protected]
6 my_ip = 10.2.55.11
7 use_neutron = true
8 firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api] セクション
keystone を利用します。
3177 [api] 3178 # 3179 # Options under this group are used to define Nova API. 3180 3181 # 3182 # From nova.conf 3183 # 3184 3185 # 3186 # This determines the strategy to use for authentication: keystone or noauth2. 3187 # 'noauth2' is designed for testing only, as it does no actual credential 3188 # checking. 'noauth2' provides administrative credentials only if 'admin' is 3189 # specified as the username. 3190 # (string value) 3191 # Possible values: 3192 # keystone -3193 # noauth2 - 3194 #auth_strategy = keystone 3195 auth_strategy = keystone
[keystone_authtoken] セクション
keystone 関連の設定を追加します。NOVA_PASS は nova ユーザのパスワードです。
6061 [keystone_authtoken] 6062 auth_url = http://vm-nfj-osctrln1:5000/v3 6063 memcached_servers = vm-nfj-osctrln1:11211 6064 auth_type = password 6065 project_domain_name = default 6066 user_domain_name = default 6067 project_name = service 6068 username = nova 6069 password = NOVA_PASS
[vnc] セクション
VNC proxy には [DEFAULT] セクションで指定した、管理用 IP アドレス $my_ip の値が入ります。
10677 [vnc] 10678 # 10679 # Virtual Network Computer (VNC) can be used to provide remote desktop 10680 # console access to instances for tenants and/or administrators. 10681 enabled = true 10682 server_listen = $my_ip 10683 server_proxyclient_address = $my_ip
[glance] セクション
api_servers に値としてコントローラーノードを設定します。
5243 [glance] 5244 # Configuration options for the Image service 5245 5246 # 5247 # From nova.conf 5248 # 5249 5250 # 5251 # List of glance api servers endpoints available to nova. 5252 # 5253 # https is used for ssl-based glance api servers. 5254 # 5255 # NOTE: The preferred mechanism for endpoint discovery is via keystoneauth1 5256 # loading options. Only use api_servers if you need multiple endpoints and are 5257 # unable to use a load balancer for some reason. 5258 # 5259 # Possible values: 5260 # 5261 # * A list of any fully qualified url of the form 5262 # "scheme://hostname:port[/path]" 5263 # (i.e. "http://10.0.1.0:9292" or "https://my.glance.server/image"). 5264 # (list value) 5265 #api_servers =5266 api_servers = http://vm-nfj-osctrln1:9292
[oslo_concurrency] セクション
7999 [oslo_concurrency] 8000 8001 # 8002 # From oslo.concurrency 8003 # 8004 8005 # Enables or disables inter-process locks. (boolean value) 8006 #disable_process_locking = false 8007 8008 # Directory to use for lock files. For security, the specified directory should 8009 # only be writable by the user running the processes that need locking. Defaults 8010 # to environment variable OSLO_LOCK_PATH. If external locks are used, a lock 8011 # path must be set. (string value) 8012 #lock_path =8013 lock_path = /var/lib/nova/tmp
[placement] セクション
PLACEMENT_PASS は placement ユーザのパスワードです。 8819 [placement] 8820 os_region_name = openstack 8821 8822 region_name = Tokyo 8823 project_domain_name = Default 8824 project_name = service 8825 auth_type = password 8826 user_domain_name = Default 8827 auth_url = http://vm-nfj-osctrln1:5000/v3 8828 username = placement 8829 password = PLACEMENT_PASS
nova-api と placement データベース同期
ずらずらっとログが出力されます。
$ sudo su -s /bin/sh -c "nova-manage api_db sync" nova 2018-11-17 11:05:42.187 1603 INFO migrate.versioning.api [-] 0 -> 1... 2018-11-17 11:05:42.256 1603 INFO migrate.versioning.api [-] done ... 2018-11-17 11:05:46.255 1603 INFO migrate.versioning.api [-] 60 -> 61... 2018-11-17 11:05:46.360 1603 INFO migrate.versioning.api [-] done 2018-11-17 11:05:46.499 1603 INFO migrate.versioning.api [-] 0 -> 1... 2018-11-17 11:05:46.571 1603 INFO migrate.versioning.api [-] done ... 2018-11-17 11:05:51.665 1603 INFO migrate.versioning.api [-] 60 -> 61... 2018-11-17 11:05:51.743 1603 INFO migrate.versioning.api [-] done
cell0 データベースの登録
$ sudo su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
cell1 セルを作成
$ sudo su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova d6d4e349-038e-409f-af7a-d39a896188da
nova データベースの同期
ずらずらっとログが出力されます。
$ sudo su -s /bin/sh -c "nova-manage db sync" nova 2018-11-17 11:11:37.555 7589 INFO migrate.versioning.api [req-fd1ddac8-4d63-471a-bfe9-84886d6c7b4d - - - - -] done
nova に cell0 と cell1 が登録されたか確認
$ sudo su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova +-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+ | Name | UUID | Transport URL | Database Connection | Disabled | +-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+ | cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@10.2.2.90/nova_cell0 | False | | cell1 | d6d4e349-038e-409f-af7a-d39a896188da | rabbit://openstack:****@vm-nfj-osctrln1 | mysql+pymysql://nova:****@10.2.2.90/nova | False | +-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
nova 関連サービス再起動
$ sudo service nova-api restart $ sudo service nova-scheduler restart $ sudo service nova-conductor restart $ sudo service nova-novncproxy restart
次回はコンピュートノード上での nova インストールです。
