OpenStack 虚拟机创建源码分析：虚拟机创建 —— 概览及前期工作

2017-12-11

创建 Network 及 Subnet 之后，我们就可以开始分析虚拟机的创建过程了。

在开始之前，我们先来看一下虚拟机创建概览，以免过早沉溺于细节，失去方向。概览图可参照之前翻译的文章（OpenStack 中虚拟机创建的请求流程）中提到的：

从该图我们也可以看到，创建一个虚拟机涉及到 Nova 内部服务（如 nova-conductor）和外部模块（如 cinder），复杂度还是挺高的。

下文我们先从路由及 nova-api 说起，然后一步步深入。

路由初始化

跟 Keystone 的 API 路由初始化方式不一样，Nova 是以扩展（extension）的方式来初始化的，具体可见如下代码：

# api-paste.ini
[composite:openstack_compute_api_v21]
keystone = ... osapi_compute_app_v21

[app:osapi_compute_app_v21]
paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory

# nova/api/openstack/compute/__init__.py
class APIRouterV21(nova.api.openstack.APIRouterV21):
    """Routes requests on the OpenStack API to the appropriate controller
    and method.
    """
    def __init__(self):
        self._loaded_extension_info = extension_info.LoadedExtensionInfo()
        super(APIRouterV21, self).__init__()
    ......

# nova/api/openstack/__init__.py
class APIRouterV21(base_wsgi.Router):
    """Routes requests on the OpenStack v2.1 API to the appropriate controller
    and method.
    """
    ......

    @staticmethod
    def api_extension_namespace():
        return 'nova.api.v21.extensions'

    def __init__(self):
        ......
        self.api_extension_manager = stevedore.enabled.EnabledExtensionManager(
            namespace=self.api_extension_namespace(),
            check_func=_check_load_extension,
            invoke_on_load=True,
            invoke_kwds={"extension_info": self.loaded_extension_info})
        ......


# setup.cfg
nova.api.v21.extensions =
    ......
    # 这里列出一些比较重要的扩展
    attach_interfaces = nova.api.openstack.compute.attach_interfaces:AttachInterfaces
    availability_zone = nova.api.openstack.compute.availability_zone:AvailabilityZone
    block_device_mapping = nova.api.openstack.compute.block_device_mapping:BlockDeviceMapping
    fixed_ips = nova.api.openstack.compute.fixed_ips:FixedIps
    flavors = nova.api.openstack.compute.flavors:Flavors
    floating_ips = nova.api.openstack.compute.floating_ips:FloatingIps
    quota_classes = nova.api.openstack.compute.quota_classes:QuotaClasses
    quota_sets = nova.api.openstack.compute.quota_sets:QuotaSets
    servers = nova.api.openstack.compute.servers:Servers
    volumes = nova.api.openstack.compute.volumes:Volumes
    ......

以 servers 为例，上边的初始化最终会初始化到 servers(Controller) API 的路由：

# nova/api/openstack/compute/servers.py
class Servers(extensions.V21APIExtensionBase):
    """Servers."""

    name = "Servers"
    alias = ALIAS
    version = 1

    def get_resources(self):
        member_actions = {'action': 'POST'}
        collection_actions = {'detail': 'GET'}
        resources = [
            extensions.ResourceExtension(
                ALIAS,
                ServersController(extension_info=self.extension_info),
                member_name='server', collection_actions=collection_actions,
                member_actions=member_actions)]

        return resources

    def get_controller_extensions(self):
        return []

class ServersController(wsgi.Controller):
    """The Server API base controller class for the OpenStack API."""
    def __init__(self, **kwargs):
    def index(self, req): ......
    def show(self, req, id): ......
    def create(self, req, body): ......
    ......

特别地，针对该 servers API，还需额外加载虚拟机创建相关的扩展：

# nova/api/openstack/compute/servers.py
class ServersController(wsgi.Controller):
    """The Server API base controller class for the OpenStack API."""

    EXTENSION_CREATE_NAMESPACE = 'nova.api.v21.extensions.server.create'

    def __init__(self, **kwargs):
        ......
        # Look for implementation of extension point of server creation
        self.create_extension_manager = \
          stevedore.enabled.EnabledExtensionManager(
              namespace=self.EXTENSION_CREATE_NAMESPACE,
              check_func=_check_load_extension('server_create'),
              invoke_on_load=True,
              invoke_kwds={"extension_info": self.extension_info},
              propagate_map_exceptions=True)
        ......

# setup.cfg
nova.api.v21.extensions.server.create =
    availability_zone = nova.api.openstack.compute.availability_zone:AvailabilityZone
    block_device_mapping = nova.api.openstack.compute.block_device_mapping:BlockDeviceMapping
    block_device_mapping_v1 = nova.api.openstack.compute.block_device_mapping_v1:BlockDeviceMappingV1
    config_drive = nova.api.openstack.compute.config_drive:ConfigDrive
    keypairs_create = nova.api.openstack.compute.keypairs:Keypairs
    multiple_create = nova.api.openstack.compute.multiple_create:MultipleCreate
    scheduler_hints = nova.api.openstack.compute.scheduler_hints:SchedulerHints
    security_groups = nova.api.openstack.compute.security_groups:SecurityGroups
    user_data = nova.api.openstack.compute.user_data:UserData

路由部分到这里就差不多了，再细的我们不过多涉及。

nova-api 向外接收 HTTP 请求

注：nova-api 服务其实还包含了 metadata 服务（OpenStack 源码系列之 Nova：服务启动），这里我们暂不考虑它。

nova-api 是一个 WSGI 服务，向外接收 HTTP 请求（REST API）。它的职责在于将外部的 HTTP 请求路由到相应的处理函数，并最终将结果返回给请求者。

nova-api 所做的事主要可以分为两个部分：

对请求者的合法性（通过 Keystonemiddleware）进行判定。这部分可参考之前博文 OpenStack 源码系列之 Keystone：Token 认证已有详细说明，这里就不多做解释了。
将合法请求路由到相应的处理函数。这部分前边路由部分已经做了说明，也可参考之前博文 OpenStack 源码系列之 Keystone：API 路由、Routes、PasteDeploy。

参数解析及访问控制

当创建虚拟机的 Rest API 请求进来之后，也通过了权限认证，那该 API 最终会路由到具体的函数 ServersController::create。我们现在来看一下该函数的参数解析及访问控制的代码：

# nova/api/openstack/compute/servers.py
class ServersController(wsgi.Controller):

    def create(self, req, body):
        """Creates a new server for a given user."""

        context = req.environ['nova.context']
        server_dict = body['server']
        password = self._get_server_admin_password(server_dict)
        name = common.normalize_name(server_dict['name'])

        if api_version_request.is_supported(req, min_version='2.19'):
            if 'description' in server_dict:
                # This is allowed to be None
                description = server_dict['description']
            else:
                # No default description
                description = None
        else:
            description = name

        # Arguments to be passed to instance create function
        create_kwargs = {}

        # Query extensions which want to manipulate the keyword
        # arguments.
        # NOTE(cyeoh): This is the hook that extensions use
        # to replace the extension specific code below.
        # When the extensions are ported this will also result
        # in some convenience function from this class being
        # moved to the extension
        if list(self.create_extension_manager):
            self.create_extension_manager.map(self._create_extension_point,
                                              server_dict, create_kwargs, body)

        availability_zone = create_kwargs.pop("availability_zone", None)

        helpers.translate_attributes(helpers.CREATE,
                                     server_dict, create_kwargs)

        target = {
            'project_id': context.project_id,
            'user_id': context.user_id,
            'availability_zone': availability_zone}
        context.can(server_policies.SERVERS % 'create', target)

        # TODO(Shao He, Feng) move this policy check to os-availability-zone
        # extension after refactor it.
        parse_az = self.compute_api.parse_availability_zone
        try:
            availability_zone, host, node = parse_az(context,
                                                     availability_zone)
        except exception.InvalidInput as err:
            raise exc.HTTPBadRequest(explanation=six.text_type(err))
        if host or node:
            context.can(server_policies.SERVERS % 'create:forced_host', {})

        min_compute_version = objects.Service.get_minimum_version(
            nova_context.get_admin_context(), 'nova-compute')
        supports_device_tagging = (min_compute_version >=
                                   DEVICE_TAGGING_MIN_COMPUTE_VERSION)

        block_device_mapping = create_kwargs.get("block_device_mapping")
        # TODO(Shao He, Feng) move this policy check to os-block-device-mapping
        # extension after refactor it.
        if block_device_mapping:
            context.can(server_policies.SERVERS % 'create:attach_volume',
                        target)
            for bdm in block_device_mapping:
                if bdm.get('tag', None) and not supports_device_tagging:
                    msg = _('Block device tags are not yet supported.')
                    raise exc.HTTPBadRequest(explanation=msg)

        image_uuid = self._image_from_req_data(server_dict, create_kwargs)

        # NOTE(cyeoh): Although an extension can set
        # return_reservation_id in order to request that a reservation
        # id be returned to the client instead of the newly created
        # instance information we do not want to pass this parameter
        # to the compute create call which always returns both. We use
        # this flag after the instance create call to determine what
        # to return to the client
        return_reservation_id = create_kwargs.pop('return_reservation_id',
                                                  False)

        requested_networks = None
        if ('os-networks' in self.extension_info.get_extensions()
                or utils.is_neutron()):
            requested_networks = server_dict.get('networks')

        if requested_networks is not None:
            requested_networks = self._get_requested_networks(
                requested_networks, supports_device_tagging)

        if requested_networks and len(requested_networks):
            context.can(server_policies.SERVERS % 'create:attach_network',
                        target)

        flavor_id = self._flavor_id_from_req_data(body)
        try:
            inst_type = flavors.get_flavor_by_flavor_id(
                    flavor_id, ctxt=context, read_deleted="no")

# ---------------------------- 调用 Compute API 之前 ---------------------------- #
            (instances, resv_id) = self.compute_api.create(...)

对这部分代码，用一张流程图来表示胜过前言万语：

其中，关于访问控制中的 Policy 相关的部分，细节部分可参考如下博文：

openstack nova 基础知识——policy(非常好，但原博文已丢失，此是备份到印象笔记的副本)
Nova 中的 policy

接下来，我们就要进入虚拟机创建过程的重要部分。且待后文分析。