Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo -  Kilo - 

 Chapter 5. Add the Compute service

 OpenStack Compute

Use OpenStack Compute to host and manage cloud computing systems. OpenStack Compute is a major part of an Infrastructure-as-a-Service (IaaS) system. The main modules are implemented in Python.

OpenStack Compute interacts with OpenStack Identity for authentication, OpenStack Image service for disk and server images, and OpenStack dashboard for the user and administrative interface. Image access is limited by projects, and by users; quotas are limited per project (the number of instances, for example). OpenStack Compute can scale horizontally on standard hardware, and download images to launch instances.

OpenStack Compute consists of the following areas and their components:

API

nova-api service

Accepts and responds to end user compute API calls. The service supports the OpenStack Compute API, the Amazon EC2 API, and a special Admin API for privileged users to perform administrative actions. It enforces some policies and initiates most orchestration activities, such as running an instance.

nova-api-metadata service

Accepts metadata requests from instances. The nova-api-metadata service is generally used when you run in multi-host mode with nova-network installations. For details, see Metadata service in the OpenStack Cloud Administrator Guide.

On Debian systems, it is included in the nova-api package, and can be selected through debconf.

Compute core

nova-compute service

A worker daemon that creates and terminates virtual machine instances through hypervisor APIs. For example:

  • XenAPI for XenServer/XCP

  • libvirt for KVM or QEMU

  • VMwareAPI for VMware

Processing is fairly complex. Basically, the daemon accepts actions from the queue and performs a series of system commands such as launching a KVM instance and updating its state in the database.

nova-scheduler service

Takes a virtual machine instance request from the queue and determines on which compute server host it runs.

nova-conductor module

Mediates interactions between the nova-compute service and the database. It eliminates direct accesses to the cloud database made by the nova-compute service. The nova-conductor module scales horizontally. However, do not deploy it on nodes where the nova-compute service runs. For more information, see A new Nova service: nova-conductor.

nova-cert module

A server daemon that serves the Nova Cert service for X509 certificates. Used to generate certificates for euca-bundle-image. Only needed for the EC2 API.

Networking for VMs

nova-network worker daemon

Similar to the nova-compute service, accepts networking tasks from the queue and manipulates the network. Performs tasks such as setting up bridging interfaces or changing IPtables rules.

Console interface

nova-consoleauth daemon

Authorizes tokens for users that console proxies provide. See nova-novncproxy and nova-xvpvncproxy. This service must be running for console proxies to work. You can run proxies of either type against a single nova-consoleauth service in a cluster configuration. For information, see About nova-consoleauth.

nova-novncproxy daemon

Provides a proxy for accessing running instances through a VNC connection. Supports browser-based novnc clients.

nova-spicehtml5proxy daemon

Provides a proxy for accessing running instances through a SPICE connection. Supports browser-based HTML5 client.

nova-xvpvncproxy daemon

Provides a proxy for accessing running instances through a VNC connection. Supports an OpenStack-specific Java client.

nova-cert daemon

x509 certificates.

Image management (EC2 scenario)

nova-objectstore daemon

An S3 interface for registering images with the OpenStack Image service. Used primarily for installations that must support euca2ools. The euca2ools tools talk to nova-objectstore in S3 language, and nova-objectstore translates S3 requests into Image service requests.

euca2ools client

A set of command-line interpreter commands for managing cloud resources. Although it is not an OpenStack module, you can configure nova-api to support this EC2 interface. For more information, see the Eucalyptus 3.4 Documentation.

Command-line clients and other interfaces

nova client

Enables users to submit commands as a tenant administrator or end user.

Other components

The queue

A central hub for passing messages between daemons. Usually implemented with RabbitMQ, but can be implemented with an AMQP message queue, such as Apache Qpid or Zero MQ.

SQL database

Stores most build-time and run-time states for a cloud infrastructure, including:

  • Available instance types

  • Instances in use

  • Available networks

  • Projects

Theoretically, OpenStack Compute can support any database that SQL-Alchemy supports. Common databases are SQLite3 for test and development work, MySQL, and PostgreSQL.

 Install and configure controller node

This section describes how to install and configure the Compute service, code-named nova, on the controller node.

 

To configure prerequisites

Before you install and configure the Compute service, you must create a database, service credentials, and API endpoint.

  1. To create the database, complete these steps:

    1. Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p
    2. Create the nova database:

      CREATE DATABASE nova;
    3. Grant proper access to the nova database:

      GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
        IDENTIFIED BY 'NOVA_DBPASS';
      GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
        IDENTIFIED BY 'NOVA_DBPASS';

      Replace NOVA_DBPASS with a suitable password.

    4. Exit the database access client.

  2. Source the admin credentials to gain access to admin-only CLI commands:

    $ source admin-openrc.sh
  3. To create the service credentials, complete these steps:

    1. Create the nova user:

      $ openstack user create --password-prompt nova
      User Password:
      Repeat User Password:
      +----------+----------------------------------+
      | Field    | Value                            |
      +----------+----------------------------------+
      | email    | None                             |
      | enabled  | True                             |
      | id       | 8e0b71d732db4bfba04943a96230c8c0 |
      | name     | nova                             |
      | username | nova                             |
      +----------+----------------------------------+
    2. Add the admin role to the nova user:

      $ openstack role add --project service --user nova admin
      +-------+----------------------------------+
      | Field | Value                            |
      +-------+----------------------------------+
      | id    | cd2cb9a39e874ea69e5d4b896eb16128 |
      | name  | admin                            |
      +-------+----------------------------------+
    3. Create the nova service entity:

      $ openstack service create --name nova \
        --description "OpenStack Compute" compute
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | OpenStack Compute                |
      | enabled     | True                             |
      | id          | 060d59eac51b4594815603d75a00aba2 |
      | name        | nova                             |
      | type        | compute                          |
      +-------------+----------------------------------+
  4. Create the Compute service API endpoint:

    $ openstack endpoint create \
      --publicurl http://controller:8774/v2/%\(tenant_id\)s \
      --internalurl http://controller:8774/v2/%\(tenant_id\)s \
      --adminurl http://controller:8774/v2/%\(tenant_id\)s \
      --region RegionOne \
      compute
    +--------------+-----------------------------------------+
    | Field        | Value                                   |
    +--------------+-----------------------------------------+
    | adminurl     | http://controller:8774/v2/%(tenant_id)s |
    | id           | 4e885d4ad43f4c4fbf2287734bc58d6b        |
    | internalurl  | http://controller:8774/v2/%(tenant_id)s |
    | publicurl    | http://controller:8774/v2/%(tenant_id)s |
    | region       | RegionOne                               |
    | service_id   | 060d59eac51b4594815603d75a00aba2        |
    | service_name | nova                                    |
    | service_type | compute                                 |
    +--------------+-----------------------------------------+
 

To install and configure Compute controller components

[Note]Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

  1. Install the packages:

    # apt-get install nova-api nova-cert nova-conductor nova-consoleauth \
      nova-novncproxy nova-scheduler python-novaclient
  2. Edit the /etc/nova/nova.conf file and complete the following actions:

    1. Add a [database] section, and configure database access:

      [database]
      ...
      connection = mysql://nova:NOVA_DBPASS@controller/nova

      Replace NOVA_DBPASS with the password you chose for the Compute database.

    2. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:

      [DEFAULT]
      ...
      rpc_backend = rabbit
      
      [oslo_messaging_rabbit]
      ...
      rabbit_host = controller
      rabbit_userid = openstack
      rabbit_password = RABBIT_PASS

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    3. In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

      [DEFAULT]
      ...
      auth_strategy = keystone
      
      [keystone_authtoken]
      ...
      auth_uri = http://controller:5000
      auth_url = http://controller:35357
      auth_plugin = password
      project_domain_id = default
      user_domain_id = default
      project_name = service
      username = nova
      password = NOVA_PASS

      Replace NOVA_PASS with the password you chose for the nova user in the Identity service.

      [Note]Note

      Comment out or remove any other options in the [keystone_authtoken] section.

    4. In the [DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node:

      [DEFAULT]
      ...
      my_ip = 10.0.0.11
    5. In the [DEFAULT] section, configure the VNC proxy to use the management interface IP address of the controller node:

      [DEFAULT]
      ...
      vncserver_listen = 10.0.0.11
      vncserver_proxyclient_address = 10.0.0.11
    6. In the [glance] section, configure the location of the Image service:

      [glance]
      ...
      host = controller
    7. In the [oslo_concurrency] section, configure the lock path:

      [oslo_concurrency]
      ...
      lock_path = /var/lib/nova/tmp
    8. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

      [DEFAULT]
      ...
      verbose = True
  3. Populate the Compute database:

    # su -s /bin/sh -c "nova-manage db sync" nova
 

To finalize installation

  1. Restart the Compute services:

    # service nova-api restart
    # service nova-cert restart
    # service nova-consoleauth restart
    # service nova-scheduler restart
    # service nova-conductor restart
    # service nova-novncproxy restart
  2. By default, the Ubuntu packages create an SQLite database.

    Because this configuration uses a SQL database server, you can remove the SQLite database file:

    # rm -f /var/lib/nova/nova.sqlite

 Install and configure a compute node

This section describes how to install and configure the Compute service on a compute node. The service supports several hypervisors to deploy instances or VMs. For simplicity, this configuration uses the QEMU hypervisor with the KVM extension on compute nodes that support hardware acceleration for virtual machines. On legacy hardware, this configuration uses the generic QEMU hypervisor. You can follow these instructions with minor modifications to horizontally scale your environment with additional compute nodes.

[Note]Note

This section assumes that you are following the instructions in this guide step-by-step to configure the first compute node. If you want to configure additional compute nodes, prepare them in a similar fashion to the first compute node in the example architectures section using the same networking service as your existing environment. For either networking service, follow the NTP configuration and OpenStack packages instructions. For OpenStack Networking (neutron), also follow the OpenStack Networking compute node instructions. For legacy networking (nova-network), also follow the legacy networking compute node instructions. Each additional compute node requires unique IP addresses.

 

To install and configure the Compute hypervisor components

[Note]Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

  1. Install the packages:

    # apt-get install nova-compute sysfsutils
  2. Edit the /etc/nova/nova.conf file and complete the following actions:

    1. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:

      [DEFAULT]
      ...
      rpc_backend = rabbit
      
      [oslo_messaging_rabbit]
      ...
      rabbit_host = controller
      rabbit_userid = openstack
      rabbit_password = RABBIT_PASS

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    2. In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

      [DEFAULT]
      ...
      auth_strategy = keystone
      
      [keystone_authtoken]
      ...
      auth_uri = http://controller:5000
      auth_url = http://controller:35357
      auth_plugin = password
      project_domain_id = default
      user_domain_id = default
      project_name = service
      username = nova
      password = NOVA_PASS

      Replace NOVA_PASS with the password you chose for the nova user in the Identity service.

      [Note]Note

      Comment out or remove any other options in the [keystone_authtoken] section.

    3. In the [DEFAULT] section, configure the my_ip option:

      [DEFAULT]
      ...
      my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

      Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.

    4. In the [DEFAULT] section, enable and configure remote console access:

      [DEFAULT]
      ...
      vnc_enabled = True
      vncserver_listen = 0.0.0.0
      vncserver_proxyclient_address = MANAGEMENT_INTERFACE_IP_ADDRESS
      novncproxy_base_url = http://controller:6080/vnc_auto.html

      The server component listens on all IP addresses and the proxy component only listens on the management interface IP address of the compute node. The base URL indicates the location where you can use a web browser to access remote consoles of instances on this compute node.

      Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.

      [Note]Note

      If the web browser to access remote consoles resides on a host that cannot resolve the controller hostname, you must replace controller with the management interface IP address of the controller node.

    5. In the [glance] section, configure the location of the Image service:

      [glance]
      ...
      host = controller
    6. In the [oslo_concurrency] section, configure the lock path:

      [oslo_concurrency]
      ...
      lock_path = /var/lib/nova/tmp
    7. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

      [DEFAULT]
      ...
      verbose = True
 

To finalize installation

  1. Determine whether your compute node supports hardware acceleration for virtual machines:

    $ egrep -c '(vmx|svm)' /proc/cpuinfo

    If this command returns a value of one or greater, your compute node supports hardware acceleration which typically requires no additional configuration.

    If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.

    1. Edit the [libvirt] section in the /etc/nova/nova-compute.conf file as follows:

      [libvirt]
      ...
      virt_type = qemu
  2. Restart the Compute service:

    # service nova-compute restart
  3. By default, the Ubuntu packages create an SQLite database.

    Because this configuration uses a SQL database server, you can remove the SQLite database file:

    # rm -f /var/lib/nova/nova.sqlite

 Verify operation

Verify operation of the Compute service.

[Note]Note

Perform these commands on the controller node.

  1. Source the admin credentials to gain access to admin-only CLI commands:

    $ source admin-openrc.sh
  2. List service components to verify successful launch and registration of each process:

    $ nova service-list
    +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
    | Id | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason |
    +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
    | 1  | nova-conductor   | controller | internal | enabled | up    | 2014-09-16T23:54:02.000000 | -               |
    | 2  | nova-consoleauth | controller | internal | enabled | up    | 2014-09-16T23:54:04.000000 | -               |
    | 3  | nova-scheduler   | controller | internal | enabled | up    | 2014-09-16T23:54:07.000000 | -               |
    | 4  | nova-cert        | controller | internal | enabled | up    | 2014-09-16T23:54:00.000000 | -               |
    | 5  | nova-compute     | compute1   | nova     | enabled | up    | 2014-09-16T23:54:06.000000 | -               |
    +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
    [Note]Note

    This output should indicate four service components enabled on the controller node and one service component enabled on the compute node.

  3. List API endpoints in the Identity service to verify connectivity with the Identity service:

    $ nova endpoints
    +-----------+------------------------------------------------------------+
    | nova      | Value                                                      |
    +-----------+------------------------------------------------------------+
    | id        | 1fb997666b79463fb68db4ccfe4e6a71                           |
    | interface | public                                                     |
    | region    | RegionOne                                                  |
    | region_id | RegionOne                                                  |
    | url       | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d |
    +-----------+------------------------------------------------------------+
    +-----------+------------------------------------------------------------+
    | nova      | Value                                                      |
    +-----------+------------------------------------------------------------+
    | id        | bac365db1ff34f08a31d4ae98b056924                           |
    | interface | admin                                                      |
    | region    | RegionOne                                                  |
    | region_id | RegionOne                                                  |
    | url       | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d |
    +-----------+------------------------------------------------------------+
    +-----------+------------------------------------------------------------+
    | nova      | Value                                                      |
    +-----------+------------------------------------------------------------+
    | id        | e37186d38b8e4b81a54de34e73b43f34                           |
    | interface | internal                                                   |
    | region    | RegionOne                                                  |
    | region_id | RegionOne                                                  |
    | url       | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d |
    +-----------+------------------------------------------------------------+
    
    +-----------+----------------------------------+
    | glance    | Value                            |
    +-----------+----------------------------------+
    | id        | 41ad39f6c6444b7d8fd8318c18ae0043 |
    | interface | admin                            |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:9292           |
    +-----------+----------------------------------+
    +-----------+----------------------------------+
    | glance    | Value                            |
    +-----------+----------------------------------+
    | id        | 50ecc4ce62724e319f4fae3861e50f7d |
    | interface | internal                         |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:9292           |
    +-----------+----------------------------------+
    +-----------+----------------------------------+
    | glance    | Value                            |
    +-----------+----------------------------------+
    | id        | 7d3df077a20b4461a372269f603b7516 |
    | interface | public                           |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:9292           |
    +-----------+----------------------------------+
    
    +-----------+----------------------------------+
    | keystone  | Value                            |
    +-----------+----------------------------------+
    | id        | 88150c2fdc9d406c9b25113701248192 |
    | interface | internal                         |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:5000/v2.0      |
    +-----------+----------------------------------+
    +-----------+----------------------------------+
    | keystone  | Value                            |
    +-----------+----------------------------------+
    | id        | cecab58c0f024d95b36a4ffa3e8d81e1 |
    | interface | public                           |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:5000/v2.0      |
    +-----------+----------------------------------+
    +-----------+----------------------------------+
    | keystone  | Value                            |
    +-----------+----------------------------------+
    | id        | fc90391ae7cd4216aca070042654e424 |
    | interface | admin                            |
    | region    | RegionOne                        |
    | region_id | RegionOne                        |
    | url       | http://controller:35357/v2.0     |
    +-----------+----------------------------------+
  4. List images in the Image service catalog to verify connectivity with the Image service:

    $ nova image-list
    +--------------------------------------+---------------------+--------+--------+
    | ID                                   | Name                | Status | Server |
    +--------------------------------------+---------------------+--------+--------+
    | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros-0.3.4-x86_64 | ACTIVE |        |
    +--------------------------------------+---------------------+--------+--------+
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...