Oenstack镜像管理[rootcontroller ~ 09:50:35]# source keystonerc_admin[rootcontroller ~(keystone_admin)]# glance image-create --name image_centos --file TinyCore-12.0.iso --disk-format iso --container bare --progress[]100% ----------------------------------------------------------------------------------------------------|Property|Value|----------------------------------------------------------------------------------------------------|checksum|495f43bdc9bc829b70c59aecf8c0a17d||container_format|bare||created_at|2026-05-19T01:53:40Z||disk_format|iso||id|a5df05f9-bad4-4b4a-8fb3-112546a2d66f||min_disk|0||min_ram|0||name|image_centos||os_hash_algo|sha512||os_hash_value|b6b6539a0bf9fed35a9c2d40011526630679b01655e2c18ee28ea6800ff5ea4b9199d97e2562ba07|||9fabd45565e1412bb0e8a5cad1a70bbef3d7669e3f8e14ae||os_hidden|False||owner|070e8f64c11049dbb550e3c0e07a77dd||protected|False||size|20971520||status|active||tags|[]||updated_at|2026-05-19T01:53:40Z||virtual_size|Not available||visibility|shared|----------------------------------------------------------------------------------------------------openstack 计算管理查看控制与计算结点[rootcontroller ~(keystone_admin)]# ps aux | grep novanova17310.11.0831612114684? Ss 09:470:06 /usr/bin/python3 /usr/bin/nova-novncproxy--web/usr/share/novnc/ nova20410.61.41995016146848? Ssl 09:470:24 /usr/bin/python3 /usr/bin/nova-compute nova32621.21.0314080110516? Ss 09:480:48 /usr/bin/python3 /usr/bin/nova-conductor nova32810.01.3609472137160? Sl 09:480:03 nova_api_wsgi-DFOREGROUNDnova32820.11.3609472137336? Sl 09:480:04 nova_api_wsgi-DFOREGROUNDnova32830.01.3609472137336? Sl 09:480:03 nova_api_wsgi-DFOREGROUNDnova32840.01.3609472137160? Sl 09:480:03 nova_api_wsgi-DFOREGROUNDnova32850.00.126610414420? Sl 09:480:00 nova_metadata_w-DFOREGROUNDnova32860.00.133164014420? Sl 09:480:00 nova_metadata_w-DFOREGROUNDnova32870.00.126610414420? Sl 09:480:00 nova_metadata_w-DFOREGROUNDnova32880.00.126610414412? Sl 09:480:00 nova_metadata_w-DFOREGROUNDnova33031.21.0314452110600? Ss 09:480:47 /usr/bin/python3 /usr/bin/nova-scheduler nova34140.31.0319156106200? S 09:480:14 /usr/bin/python3 /usr/bin/nova-conductor nova34150.31.0319080106088? S 09:480:14 /usr/bin/python3 /usr/bin/nova-conductor nova34160.31.0318764105876? S 09:480:14 /usr/bin/python3 /usr/bin/nova-conductor nova34170.31.0318792105804? S 09:480:14 /usr/bin/python3 /usr/bin/nova-conductor nova34650.00.9316320103524? S 09:480:02 /usr/bin/python3 /usr/bin/nova-scheduler nova34660.00.9316312103552? S 09:480:03 /usr/bin/python3 /usr/bin/nova-scheduler root80450.00.0122161112pts/0 S10:510:00grep--colorauto nova[rootcompute ~10:52:26]# ps aux | grep novanova158110.53.81985116144128? Ssl10:520:07 /usr/bin/python3 /usr/bin/nova-compute root21220.00.0122161180pts/0 S10:530:00grep--colorauto nova[rootcompute ~10:53:17]# virsh versionCompiled against library: libvirt8.0.0 Using library: libvirt8.0.0 Using API: QEMU8.0.0 Running hypervisor: QEMU6.2.0检验rabbitMQ服务是否正常[rootcontroller ~(keystone_admin)]# systemctl status rabbitmq-server.service● rabbitmq-server.service - RabbitMQ broker Loaded: loaded(/usr/lib/systemd/system/rabbitmq-server.service;enabled;vendoDrop-In: /etc/systemd/system/rabbitmq-server.service.d └─90-limits.conf Active: active(running)since Tue2026-05-19 09:48:12 CST;1h 7min ago Main PID:1757(beam.smp)Status:InitializedTasks:91(limit:65255)Memory:117.3M CGroup: /system.slice/rabbitmq-server.service ├─1757 /usr/lib64/erlang/erts-10.7.2.1/bin/beam.smp-Ww-A64-MBasag├─2103 /usr/lib64/erlang/erts-10.7.2.1/bin/epmd-daemon├─3062 erl_child_setup16384├─3215 inet_gethost4└─3216 inet_gethost4May1909:48:11 controller rabbitmq-server[1757]:########## Licensed under theMay1909:48:11 controller rabbitmq-server[1757]: Doc guides: https://rabbitmq.cMay1909:48:11 controller rabbitmq-server[1757]: Support: https://rabbitmq.cMay1909:48:11 controller rabbitmq-server[1757]: Tutorials: https://rabbitmq.cMay1909:48:11 controller rabbitmq-server[1757]: Monitoring: https://rabbitmq.cMay1909:48:11 controller rabbitmq-server[1757]: Logs: /var/log/rabbitmq/rabbitMay1909:48:11 controller rabbitmq-server[1757]: /var/log/rabbitmq/rabbitMay1909:48:11 controller rabbitmq-server[1757]: Config file(s): /etc/rabbitmq/May1909:48:12 controller systemd[1]: Started RabbitMQ broker.查看nova.conf1132connectionmysqlpymysql://nova_api:d247d6a4c7f14f2f192.168.108.10/nova_api1763connectionmysqlpymysql://nova:d247d6a4c7f14f2f192.168.108.10/nova查看filter1931available_filtersnova.scheduler.filters.all_filters查看enable_files1938enabled_filtersAvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,Im agePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilterAvailabilityZoneFilter[rootcontroller ~12:06:22]# vim /etc/nova/nova.conf[rootcontroller ~12:07:56]# systemctl restart openstack-nova*[rootcontroller ~12:08:56]# tail /var/log/nova/nova-scheduler.log -f2026-05-1912:08:28.2323818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]oslo_reports.file_event_handlerNone log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.2323818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]oslo_reports.file_event_handler_interval1log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.2333818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]oslo_reports.log_dirNone log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.2333818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]******************************************************************************** log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26172026-05-1912:08:48.0983840DEBUG oslo_service.periodic_task[req-da0defef-8a67-46f8-837f-5c5eb3809aca - - - - -]Running periodic task SchedulerManager._run_periodic_tasks run_periodic_tasks /usr/lib/python3.6/site-packages/oslo_service/periodic_task.py:2112026-05-1912:08:51.1313839DEBUG oslo_service.periodic_task[req-0a82b4c6-7c87-4c3d-877c-df82a3595645 - - - - -]Running periodic task SchedulerManager._run_periodic_tasks run_periodic_tasks /usr/lib/python3.6/site-packages/oslo_service/periodic_task.py:2112026-05-1912:08:56.9903840DEBUG oslo_concurrency.lockutils[req-fd39e95e-d9cd-4b68-a6e9-a0d7117c57f2 - - - - -]Lockhost_instanceacquired bynova.scheduler.host_manager.HostManager.update_instance_info:: waited0.000s inner /usr/lib/python3.6/site-packages/oslo_concurrency/lockutils.py:3592026-05-1912:08:56.9913840DEBUG oslo_concurrency.lockutils[req-fd39e95e-d9cd-4b68-a6e9-a0d7117c57f2 - - - - -]Lockhost_instancereleased bynova.scheduler.host_manager.HostManager.update_instance_info:: held0.000s inner /usr/lib/python3.6/site-packages/oslo_concurrency/lockutils.py:3712026-05-1912:08:56.9913839DEBUG oslo_concurrency.lockutils[req-fd39e95e-d9cd-4b68-a6e9-a0d7117c57f2 - - - - -]Lockhost_instanceacquired bynova.scheduler.host_manager.HostManager.update_instance_info:: waited0.000s inner /usr/lib/python3.6/site-packages/oslo_concurrency/lockutils.py:3592026-05-1912:08:56.9923839DEBUG oslo_concurrency.lockutils[req-fd39e95e-d9cd-4b68-a6e9-a0d7117c57f2 - - - - -]Lockhost_instancereleased bynova.scheduler.host_manager.HostManager.update_instance_info:: held0.001s inner /usr/lib/python3.6/site-packages/oslo_concurrency/lockutils.py:371创建一个实例观看日志先开启debug:[rootcontroller ~]# vim /etc/nova/nova.conf694debugTrue[rootcontroller ~]# systemctl restart openstack-nova*日志回顾 nova-scheduler 的工作过程了。整个过程都被记录到 /var/log/novascheduler.log的日志文件中。[rootcontroller ~12:09:55]# cat /var/log/nova/nova-scheduler.log |grep Filter2026-05-1912:08:28.1893818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.enabled_filters[AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter]log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:2615日志显示初始有两个 host在我们的实验环境中就是controller 和compute依次经过6 个 filter 的过滤AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffin ityFilter,ServerGroupAffinityFilter两个计算节点都通过了。那么接下来就该 weight了[rootcontroller ~14:49:24]# cat /var/log/nova/nova-scheduler.log |grep weight2026-05-1912:08:28.1873818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.build_failure_weight_multiplier1000000.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1873818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.cpu_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1883818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.cross_cell_move_weight_multiplier1000000.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1883818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.disk_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1903818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.io_ops_weight_multiplier-1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1913818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.pci_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1913818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.ram_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1923818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.soft_affinity_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1923818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.soft_anti_affinity_weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1923818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]filter_scheduler.weight_classes[nova.scheduler.weights.all_weighers]log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1933818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]metrics.weight_multiplier1.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1933818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]metrics.weight_of_unavailable-10000.0log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:26152026-05-1912:08:28.1943818DEBUG oslo_service.service[req-165e1342-1332-4323-b961-bb8d360d96b9 - - - - -]metrics.weight_setting[]log_opt_values /usr/lib/python3.6/site-packages/oslo_config/cfg.py:2615经过权重比较做种compute获胜[rootcontroller ~14:50:39]# cat /var/log/nova/nova-scheduler.log | grep Select2026-05-1914:48:28.343127512DEBUG nova.scheduler.filter_scheduler[req-9d523d33-5559-490d-9930-3dab34d1e62a 9c480f1e472d408a945c4e071dd00dfa 06866c5bc16143f8893c67d7bba8babc - default default][instance: 2f06ec4f-8991-44da-8bb4-a5dbdc7242a3]Selected host:(compute, compute)ram: 7053MB disk: 62464MB io_ops:0instances:1_consume_selected_host /usr/lib/python3.6/site-packages/nova/scheduler/filter_scheduler.py:354可以看到因为compute的硬盘比 controller 多权重值更大最终选择 compute。注意生产环境没有故障时不要开启deubg,浪费性能navacompute[rootcompute ~]# vim /etc/nova/nova.conf53compute_driverlibvirt.LibvirtDriver[rootcontroller ~14:51:26]# cd /usr/lib/python3.6/site-packages/nova/virt/[rootcontroller virt15:29:52]# lsarch.py event.py imagecache.py libvirt storage_users.py block_device.py fake.py images.py netutils.py virtapi.py configdrive.py hardware.py __init__.py osinfo.py vmwareapi disk hyperv interfaces.template powervm zvm driver.py image ironic __pycache__rabbitmq[rootcontroller ~]# systemctl status rabbitmq-server.service● rabbitmq-server.service - RabbitMQ broker Loaded: loaded(/usr/lib/systemd/system/rabbitmq-server.service;enabled;vendor preset: disabled)Drop-In: /etc/systemd/system/rabbitmq-server.service.d └─90-limits.conf Active: active(running)since Thu2024-09-26 09:06:19 CST;18min ago Main PID:1721(beam.smp)Status:InitializedTasks:91(limit:100416)Memory:118.7M CGroup: /system.slice/rabbitmq-server.service ├─1721 /usr/lib64/erlang/erts-10.7.2.1/bin/beam.smp-Ww-A64-MBasageffcbf-MHasageffcbf-MBlmbcs512├─2144 /usr/lib64/erlang/erts-10.7.2.1/bin/epmd-daemon├─3100 erl_child_setup16384├─7806 inet_gethost4└─7807 inet_gethost4[rootcontroller virt15:29:55]# rabbitmq-plugins enable rabbitmq_managementEnabling plugins onnoderabbitcontroller: rabbitmq_management The following plugins have been configured: rabbitmq_management rabbitmq_management_agent rabbitmq_web_dispatch Applying plugin configuration to rabbitcontroller... The following plugins have been enabled: rabbitmq_management rabbitmq_management_agent rabbitmq_web_dispatch started3plugins.[rootcontroller virt15:32:13]# iptables -F[rootcontroller virt15:32:22]# rabbitmqctl add_user user_admin passwd_adminAdding useruser_admin...[rootcontroller virt15:32:56]# rabbitmqctl set_user_tags user_admin administratorSetting tags for user user_admin to [administrator] ...查看nova相关服务[rootcontroller ~15:35:00]# source keystonerc_admin[rootcontroller ~(keystone_admin)]# openstack compute service list--------------------------------------------------------------------------------------|ID|Binary|Host|Zone|Status|State|Updated At|--------------------------------------------------------------------------------------|1|nova-conductor|controller|internal|enabled|up|2026-05-19T07:35:22.000000||3|nova-scheduler|controller|internal|enabled|up|2026-05-19T07:35:18.000000||6|nova-compute|controller|gpu_az|enabled|up|2026-05-19T07:35:14.000000||7|nova-compute|compute|nogpu_az|enabled|up|2026-05-19T07:35:16.000000|--------------------------------------------------------------------------------------创建虚拟机•Step1用户通过Dashboard/CLI 申请创建虚拟机并以REST API 方式来请求Keystone授权。•Step2keystone通过用户请求认证信息并生成auth-token返回给对应的认证请求。•Step3界面或命令行通过RESTful API向nova-api发送一个boot instance的请求携带auth-token。•Step4nova-api接受请求后向keystone发送认证请求查看token是否为有效用户和token。•Step5keystone验证token是否有效如有效则返回有效的认证和对应的角色注有些操作需要有角色权限才能操作。•Step6通过认证后nova-api和数据库通讯。•Step7初始化新建虚拟机的数据库记录。•Step8nova-api通过rpc.call向nova-scheduler请求是否有创建虚拟机的资源Host ID。•Step9nova-scheduler进程侦听消息队列获取nova-api的请求。•Step10nova-scheduler通过查询nova数据库中计算资源的情况并通过调度算法计算符合虚拟机创建需要的主机。•Step11对于有符合虚拟机创建的主机nova-scheduler更新数据库中虚拟机对应的物理主机信息。•Step12nova-scheduler通过rpc.cast向nova-compute发送对应的创建虚拟机请求的消息。•Step13nova-compute会从对应的消息队列中获取创建虚拟机请求的消息。•Step14nova-compute通过rpc.call向nova-conductor请求获取虚拟机消息。•Step15nova-conductor从消息队队列中拿到nova-compute请求消息。•Step16nova-conductor根据消息查询虚拟机对应的信息。•Step17nova-conductor从数据库中获得虚拟机对应信息。•Step18nova-conductor把虚拟机信息通过消息的方式发送到消息队列中。•Step19nova-compute从对应的消息队列中获取虚拟机信息消息。•Step20nova-compute通过keystone的RESTfull API拿到认证的token并通过HTTP请求glance-api获取创建虚拟机所需要镜像。•Step21glance-api向keystone认证token是否有效并返回验证结果。•Step22token验证通过nova-compute获得虚拟机镜像信息URL。•Step23nova-compute通过keystone的RESTfull API拿到认证k的token并通过HTTP请求neutronserver获取创建虚拟机所需要的网络信息。•Step24neutron-server向keystone认证token是否有效并返回验证结果。•Step25token验证通过nova-compute获得虚拟机网络信息。•Step26nova-compute通过keystone的RESTfull API拿到认证的token并通过HTTP请求cinder-api获取创建虚拟机所需要的持久化存储信息。•Step27cinder-api向keystone认证token是否有效并返回验证结果。•Step28token验证通过nova-compute获得虚拟机持久化存储信息。•Step29nova-compute根据instance的信息调用配置的虚拟化驱动来创建虚拟机。总结客户可以是 OpenStack 最终用户也可以是其他程序向 APInova-api发送请求“帮我创建一个 Instance”API对请求做一些必要处理后向 MessagingRabbitMQ发送了一条消息“让 Scheduler 创建一个 Instance”Schedulernova-scheduler从 Messaging 获取到 API 发给它的消息然后执行调度算法从若干计算节点中选出节点 A。请参考 看 nova-scheduler 如何选择计算节点Scheduler 向 Messaging 发送了一条消息“在计算节点 A 上创建这个 Instance”计算节点 A 的 Computenova-compute从 Messaging 中获取到 Scheduler 发给它的消息然后通过本节点的 Hypervisor Driver 创建 Instance。请参考 nova-compute 部署 instance详解在 Instance 创建的过程中Compute 如果需要查询或更新数据库信息会通过 Messaging 向Conductornova-conductor发送消息Conductor 负责数据库访问。锁定[rootcontroller ~(keystone_admin)]# cd /etc/openstack-dashboard/[rootcontroller openstack-dashboard(keystone_admin)]# lscinder_policy.json keystone_policy.json local_settings.d nova_policy.d glance_policy.json local_settings neutron_policy.json nova_policy.json[rootcontroller openstack-dashboard(keystone_admin)]# vim nova_policy.json69os_compute_api:os-lock-server:lock:rule:admin_or_owner,70os_compute_api:os-lock-server:unlock:rule:admin_or_owner,71os_compute_api:os-lock-server:unlock:unlock_override:rule:admin_api发现普通用户可以直接解锁解锁再删除(虽然难删除一些但是还是能删除)防止意外删除配置让普通用户不能解锁[rootcontroller openstack-dashboard(keystone_admin)]# vim nova_policy.json69os_compute_api:os-lock-server:lock:rule:admin_or_owner,70os_compute_api:os-lock-server:unlock:rule:admin_api,71os_compute_api:os-lock-server:unlock:unlock_override:rule:admin_api“rule:admin_api”发现普通用户可以直接解锁解锁再删除(虽然难删除一些但是还是能删除) 防止**意外**删除 配置让普通用户不能解锁 ~~~bash [rootcontroller openstack-dashboard(keystone_admin)]# vim nova_policy.json 69 os_compute_api:os-lock-server:lock: rule:admin_or_owner, 70 os_compute_api:os-lock-server:unlock: rule:admin_api, 71 os_compute_api:os-lock-server:unlock:unlock_override: rule:admin_api