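Hello.
This is Otsuka from the Infrastructure Division of Class Act Co., Ltd.
Recently I have been posting articles that build an OpenStack environment from scratch.
See the following for details. So far, Keystone and Glance have been installed and made operable.
This time, I will introduce Nova and Placement.
Hardware configuration
HW | Value |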
---|---|
CPU | 4sockets 4cores |
Memory | 40GB |
Disk | 100G |
NIC1(ens18) | 192.168.2.10 |
NIC2(ens19) | 192.168.2.11 |
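Terminology
What is Nova?
Quoting from the official site:
Nova is the OpenStack project that provides a way to provision compute instances (aka virtual servers). Nova supports creating virtual machines, baremetal servers (through the use of ironic), and has limited support for system containers. Nova runs as a set of daemons on top of existing Linux servers to provide that service.
What is Placement?
I think the following is easy to understand.
The image is pulled from the site above; I think the "scheduler" in it refers to the Nova scheduler. Probably. I think it manages the physical hardware resources, and when Nova says something like "Give me this much memory!", it hands it over with a "Here you go!".
Reference sites
Build
Create databases for Nova and Placement in MariaDB
Four new databases are created.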
root@openstack:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 55
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.010 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.008 sec)
MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.008 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.011 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.008 sec)
MariaDB [(none)]> grant all privileges on placement.* to placement@'localhost' identified by 'password';
Query OK, 0 rows affected (0.009 sec)
MariaDB [(none)]> grant all privileges on placement.* to placement@'%' identified by 'password';
Query OK, 0 rows affected (0.004 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| nova_cell0 |
| performance_schema |
| placement |
| sys |
+--------------------+
10 rows in set (0.001 sec)
MariaDB [(none)]> exit
Bye
Create users for Nova and Placement and edit their roles
Enter the commands as shown below to create the users and assign them the admin role.
root@openstack:~# openstack user create --domain default --project test_project --password password nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 94f179ab12a24facaf5001a1365700c2 |
| domain_id | default |
| enabled | True |
| id | bf48dcd3e8a34497a22d8e037c0bb7b5 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@openstack:~# openstack user create --domain default --project test_project --password password placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 94f179ab12a24facaf5001a1365700c2 |
| domain_id | default |
| enabled | True |
| id | cdd83b2c8b894a60b78033bc350c8353 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@openstack:~# openstack role add --project test_project --user nova admin
root@openstack:~# openstack role add --project test_project --user placement admin
Register the services
Here we register which services OpenStack provides.
root@openstack:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 40740356b4c642d08b3b2b7f8861285b | glance | image |
| cfe56ea89eba4f1abd15e1150d0f18dd | keystone | identity |
+----------------------------------+----------+----------+
root@openstack:~# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | edc82cc587874b54b55e386dc6ad52ac |
| name | nova |
| type | compute |
+-------------+----------------------------------+
root@openstack:~# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 5e747423602744aca20ae93002e62d63 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
root@openstack:~# openstack service list
+----------------------------------+-----------+-----------+
| ID | Name | Type |
+----------------------------------+-----------+-----------+
| 40740356b4c642d08b3b2b7f8861285b | glance | image |
| 5e747423602744aca20ae93002e62d63 | placement | placement |
| cfe56ea89eba4f1abd15e1150d0f18dd | keystone | identity |
| edc82cc587874b54b55e386dc6ad52ac | nova | compute |
+----------------------------------+-----------+-----------+
Next, register the endpoints for each service.
root@openstack:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 54fa764ce2ab428fa049b84702a67e0c | RegionOne | glance | image | True | public | http://openstack:9292 |
| 7ad18e2392cb4260920ce5021aa01d8c | RegionOne | glance | image | True | admin | http://openstack:9292 |
| 868b54ff6ec043c88f23a0568c20660b | RegionOne | keystone | identity | True | admin | http://openstack:5000/v3/ |
| a303d641b4e74a44a1edbcf5daed132b | RegionOne | keystone | identity | True | public | http://openstack:5000/v3/ |
| c700edfb775f4f728cf923e8705cfe43 | RegionOne | glance | image | True | internal | http://openstack:9292 |
| ebb4d63058664985b0b56013391b51b6 | RegionOne | keystone | identity | True | internal | http://openstack:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
root@openstack:~# openstack endpoint create --region RegionOne compute public http://openstack:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e4a099613a2143669bb939737776f559 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | edc82cc587874b54b55e386dc6ad52ac |
| service_name | nova |
| service_type | compute |
| url | http://openstack:8774/v2.1 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne compute internal http://openstack:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fa1deee7c85b4cd6b7498a367a3625fb |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | edc82cc587874b54b55e386dc6ad52ac |
| service_name | nova |
| service_type | compute |
| url | http://openstack:8774/v2.1 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne compute admin http://openstack:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8580489d3f07439b8cd640995acb0ea2 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | edc82cc587874b54b55e386dc6ad52ac |
| service_name | nova |
| service_type | compute |
| url | http://openstack:8774/v2.1 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne placement public http://openstack:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7ba3d279e2d84ed0b29069a763b1fd9c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5e747423602744aca20ae93002e62d63 |
| service_name | placement |
| service_type | placement |
| url | http://openstack:8778 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne placement internal http://openstack:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e49b639be0014bda8ba1995dbb2ba500 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5e747423602744aca20ae93002e62d63 |
| service_name | placement |
| service_type | placement |
| url | http://openstack:8778 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint create --region RegionOne placement admin http://openstack:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2c535959a8b3493c88dca068c2c7bd22 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5e747423602744aca20ae93002e62d63 |
| service_name | placement |
| service_type | placement |
| url | http://openstack:8778 |
+--------------+----------------------------------+
root@openstack:~# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 2c535959a8b3493c88dca068c2c7bd22 | RegionOne | placement | placement | True | admin | http://openstack:8778 |
| 54fa764ce2ab428fa049b84702a67e0c | RegionOne | glance | image | True | public | http://openstack:9292 |
| 7ad18e2392cb4260920ce5021aa01d8c | RegionOne | glance | image | True | admin | http://openstack:9292 |
| 7ba3d279e2d84ed0b29069a763b1fd9c | RegionOne | placement | placement | True | public | http://openstack:8778 |
| 8580489d3f07439b8cd640995acb0ea2 | RegionOne | nova | compute | True | admin | http://openstack:8774/v2.1 |
| 868b54ff6ec043c88f23a0568c20660b | RegionOne | keystone | identity | True | admin | http://openstack:5000/v3/ |
| a303d641b4e74a44a1edbcf5daed132b | RegionOne | keystone | identity | True | public | http://openstack:5000/v3/ |
| c700edfb775f4f728cf923e8705cfe43 | RegionOne | glance | image | True | internal | http://openstack:9292 |
| e49b639be0014bda8ba1995dbb2ba500 | RegionOne | placement | placement | True | internal | http://openstack:8778 |
| e4a099613a2143669bb939737776f559 | RegionOne | nova | compute | True | public | http://openstack:8774/v2.1 |
| ebb4d63058664985b0b56013391b51b6 | RegionOne | keystone | identity | True | internal | http://openstack:5000/v3/ |
| fa1deee7c85b4cd6b7498a367a3625fb | RegionOne | nova | compute | True | internal | http://openstack:8774/v2.1 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
Install Nova and Placement and edit the configs
Run the following command to install the required packages.
root@openstack:~# apt -y install nova-api nova-conductor nova-scheduler nova-novncproxy placement-api python3-novaclient
Take a backup of the Nova and Placement configs.
root@openstack:~# cp -p /etc/nova/nova.conf /etc/nova/nova.conf.org
root@openstack:~# cp -p /etc/placement/placement.conf /etc/placement/placement.conf.org
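Edit the Nova config.
There is one thing to watch out for here (maybe it is only my environment): some items that were supposed to be edited could not be found anywhere in the config.
For example, items that the instructions say to fill in under keystone_authtoken did not exist in my Nova environment. In that case, it did not work properly unless I added the items.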
root@openstack:~# vi /etc/nova/nova.conf
root@openstack:~# diff /etc/nova/nova.conf /etc/nova/nova.conf.org
5,7d4
< my_ip = 192.168.2.10
< enabled_apis = osapi_compute,metadata
< transport_url = rabbit://openstack:password@openstack:5672/
886d882
< auth_strategy = keystone
1099,1100d1094
< connection = mysql+pymysql://nova:password@192.168.2.10/nova_api
<
1797d1790
< connection = mysql+pymysql://nova:password@192.168.2.10/nova
2091d2083
< api_servers = http://openstack:9292
2730,2739d2721
< www_authenticate_uri = http://openstack:5000
< auth_url = http://openstack:5000
< memcached_servers = openstack:11211
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = nova
< password = password
<
3553,3563d3534
< auth_url = http://openstack:5000
< auth_type = password
< project_domain_name = Default
< user_domain_name = Default
< region_name = RegionOne
< project_name = test_project
< username = neutron
< password = password
< service_metadata_proxy = true
< metadata_proxy_shared_secret = METADATA_SECRET
<
3801d3771
< lock_path = /var/lib/nova/tmp
4370,4377d4339
< auth_url = http://openstack:5000/v3
< os_region_name = RegionOne
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = placement
< password = password
4918,4927d4879
< send_service_user_token = true
< auth_url = http://openstack/identity
< auth_strategy = keystone
< auth_type = password
< project_domain_name = default
< project_name = test_project
< user_domain_name = default
< username = nova
< password = password
<
5438c5390
< enabled = true
---
> #enabled = true
5444c5396
< server_listen = 0.0.0.0
---
> #server_listen = 127.0.0.1
5449c5401
< server_proxyclient_address = 0.0.0.0
---
> #server_proxyclient_address = 127.0.0.1
5627d5578
< api_paste_config = /etc/nova/api-paste.ini
Change the permissions and group of the config.
root@openstack:~# chmod 640 /etc/nova/nova.conf
root@openstack:~# chgrp nova /etc/nova/nova.conf
Sync the Nova DBs.
Various messages appear, but the official site says to ignore them, so I ignored them for now.
root@openstack:~# su -s /bin/sh -c "nova-manage api_db sync" nova
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
root@openstack:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
root@openstack:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
--transport-url not provided in the command line, using the value [DEFAULT]/transport_url from the configuration file
--database_connection not provided in the command line, using the value [database]/connection from the configuration file
ff9a42fb-2479-4eb5-9117-677012a9525a
root@openstack:~# su -s /bin/sh -c "nova-manage db sync" nova
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
Check that the cells are registered. If the output matches what the official site shows, it should be fine for now.
root@openstack:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack/nova_cell0 | False |
| cell1 | ff9a42fb-2479-4eb5-9117-677012a9525a | rabbit://openstack:****@openstack:5672/ | mysql+pymysql://nova:****@openstack/nova | False |
+-------+--------------------------------------+-----------------------------------------+------------------------------------------------+----------+
Have each Nova service load the edited config.
root@openstack:~# service nova-api restart
root@openstack:~# service nova-scheduler restart
root@openstack:~# service nova-conductor restart
root@openstack:~# service nova-novncproxy restart
Next, edit the Placement settings.
root@openstack:~# cp -p /etc/placement/placement.conf /etc/placement/placement.conf.org
root@openstack:~# vi /etc/placement/placement.conf
root@openstack:/etc/nova# diff /etc/placement/placement.conf /etc/placement/placement.conf.org
194d193
< auth_strategy = keystone
242,250d240
< www_authenticate_uri = http://openstack:5000
< auth_url = http://openstack:5000
< memcached_servers = openstack:11211
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = placement
< password = password
525,526c515
< connection = mysql+pymysql://placement:password@openstack/placement
<
---
> connection = sqlite:////var/lib/placement/placement.sqlite
Change the permissions and group of the config.
root@openstack:~# chmod 640 /etc/placement/placement.conf
root@openstack:~# chgrp placement /etc/placement/placement.conf
Next, change the placement-api config.
root@openstack:~# cp -p /etc/apache2/sites-enabled/placement-api.conf /etc/apache2/sites-enabled/placement-api.conf.org
root@openstack:~# vi /etc/apache2/sites-enabled/placement-api.conf
root@openstack:~# diff /etc/apache2/sites-enabled/placement-api.conf /etc/apache2/sites-enabled/placement-api.conf.org
1c1
< Listen 127.0.0.1:8778
---
> Listen 8778
Sync the Placement DB.
root@openstack:~# su -s /bin/sh -c "placement-manage db sync" placement
Restart Apache.
root@openstack:~# service apache2 restart
Verifying operation
Use the openstack compute service list command to check whether output is produced.
If output appears, I think it is fine to judge that it is working for now.
root@openstack:~# openstack compute service list
+--------------------------------------+----------------+-----------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+--------------------------------------+----------------+-----------+----------+---------+-------+----------------------------+
| e4c311c5-209b-4615-a12d-327834138953 | nova-conductor | openstack | internal | enabled | up | 2023-09-08T12:49:48.000000 |
| e4c311c5-209b-4615-a12d-327834138953 | nova-conductor | openstack | internal | enabled | up | 2023-09-08T12:49:48.000000 |
+--------------------------------------+----------------+-----------+----------+---------+-------+----------------------------+
Installing KVM
Enter the following commands to install KVM.
root@openstack:~# apt -y install qemu-kvm libvirt-daemon-system libvirt-daemon virtinst bridge-utils libosinfo-bin
root@openstack:~# apt -y install nova-compute nova-compute-kvm
Edit the Nova config
root@openstack:~# vi /etc/nova/nova.conf
root@openstack:~# diff /etc/nova/nova.conf /etc/nova/nova.conf.org
5,7d4
< my_ip = 192.168.2.10
< enabled_apis = osapi_compute,metadata
< transport_url = rabbit://openstack:password@192.168.2.10
886d882
< auth_strategy = keystone
1099,1100d1094
< connection = mysql+pymysql://nova:password@192.168.2.10/nova_api
<
1797d1790
< connection = mysql+pymysql://nova:password@192.168.2.10/nova
2091d2083
< api_servers = http://192.168.2.10:9292
2730,2739d2721
< www_authenticate_uri = http://192.168.2.10:5000
< auth_url = http://192.168.2.10:5000
< memcached_servers = 192.168.2.10:11211
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = nova
< password = password
<
3790d3771
< lock_path = $state_path/tmp
4359,4366d4339
< auth_url = http://192.168.2.10:5000
< os_region_name = RegionOne
< auth_type = password
< project_domain_name = default
< user_domain_name = default
< project_name = test_project
< username = placement
< password = password
5423c5396
< server_listen = 192.168.2.10
---
> #server_listen = 127.0.0.1
5428c5401
< server_proxyclient_address = 129.168.2.10
---
> #server_proxyclient_address = 127.0.0.1
5606d5578
< api_paste_config = /etc/nova/api-paste.ini
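As an added example (not part of the original article or of the OpenStack project), the following script audits a nova.conf for the kinds of values that appear in the diffs above: trivial credentials, cleartext Keystone URLs, a VNC listener bound to every interface, and a `server_proxyclient_address` that differs from `my_ip`. The section names follow the stock nova.conf layout, which the diff output does not show; the rule names and the `WEAK_SECRETS` deny-list are assumptions made for this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: values copied from the nova.conf diffs on this page;
# section names are assumed from the stock nova.conf layout.
SAMPLE = """\
[DEFAULT]
my_ip = 192.168.2.10
transport_url = rabbit://openstack:password@192.168.2.10
[api_database]
connection = mysql+pymysql://nova:password@192.168.2.10/nova_api
[keystone_authtoken]
auth_url = http://192.168.2.10:5000
username = nova
password = password
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
[oslo_concurrency]
lock_path = $state_path/tmp
[vnc]
enabled = true
server_listen = 192.168.2.10
server_proxyclient_address = 129.168.2.10
"""

WEAK_SECRETS = {"password", "METADATA_SECRET"}   # hypothetical deny-list
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
DSN_KEYS = {"connection", "transport_url"}       # credentials embedded in a URL
HTTP_KEYS = {"auth_url", "www_authenticate_uri"}


def audit(text):
    """Return a sorted list of (rule, section, key) findings for a nova.conf."""
    # interpolation=None keeps "$state_path" and "%" literal; renaming the
    # default section makes [DEFAULT] behave like any other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    my_ip = cp.get("DEFAULT", "my_ip", fallback=None)
    findings = set()
    for section in cp.sections():
        for key, value in cp.items(section):
            if key in SECRET_KEYS and value in WEAK_SECRETS:
                findings.add(("weak-secret", section, key))
            if key in DSN_KEYS and urlsplit(value).password in WEAK_SECRETS:
                findings.add(("weak-secret", section, key))
            if key in HTTP_KEYS and urlsplit(value).scheme == "http":
                findings.add(("cleartext-http", section, key))
    if cp.has_section("vnc"):
        vnc = cp["vnc"]
        if vnc.get("server_listen") == "0.0.0.0":
            findings.add(("vnc-all-interfaces", "vnc", "server_listen"))
        proxy = vnc.get("server_proxyclient_address")
        if proxy and my_ip and proxy != my_ip:
            findings.add(("proxyclient-not-my-ip", "vnc",
                          "server_proxyclient_address"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, section, key in audit(SAMPLE):
        print(f"{rule:22} [{section}] {key}")
```

On the sample it reports the four trivial secrets, the http:// Keystone URL, and the `129.168.2.10` proxy client address that does not match `my_ip = 192.168.2.10`.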
Start the nova-compute service
root@openstack:~# systemctl start nova-compute
root@openstack:~# systemctl restart nova-compute
root@openstack:~# systemctl enable nova-compute
Synchronizing state of nova-compute.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nova-compute
root@openstack:~# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
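Aside
Personally, I had a vague question along the lines of "what exactly is the openstack catalog?"
Looking at the output below, I got the impression that it is a command for listing the components that can provide services as OpenStack once openstack service create and openstack endpoint create have completed.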
root@openstack:~# openstack catalog list
+-----------+-----------+-------------------------------------------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-------------------------------------------------------------------------+
| glance | image | RegionOne |
| | | public: http://openstack:9292 |
| | | RegionOne |
| | | admin: http://openstack:9292 |
| | | RegionOne |
| | | internal: http://openstack:9292 |
| | | |
| placement | placement | RegionOne |
| | | admin: http://openstack:8778 |
| | | RegionOne |
| | | public: http://openstack:8778 |
| | | RegionOne |
| | | internal: http://openstack:8778 |
| | | |
| keystone | identity | RegionOne |
| | | admin: http://openstack:5000/v3/ |
| | | RegionOne |
| | | public: http://openstack:5000/v3/ |
| | | RegionOne |
| | | internal: http://openstack:5000/v3/ |
| | | |
| nova | compute | RegionOne |
| | | public: http://openstack:8774/v2.1/5ea984608bdf4a338bddfc4e9f14bec7 |
| | | RegionOne |
| | | admin: http://openstack:8774/v2.1/5ea984608bdf4a338bddfc4e9f14bec7 |
| | | RegionOne |
| | | internal: http://openstack:8774/v2.1/5ea984608bdf4a338bddfc4e9f14bec7 |
| | | |
+-----------+-----------+-------------------------------------------------------------------------+