嘿嘿嘿,我太懶了,就一點點補作業。
openstack指令
配置keystone應用環境
keystone服務安裝完成之後,可以通過請求身份令牌來驗證服務,具體指令如下,以admin使用者來通路
http://controller:3357/v3
來擷取token的值,
用admin使用者通路http://controller:35357/v3擷取token值
openstack --os-project-name admin --os-domain-name demo --os-username admin --os-password 000000 --os-auth-url http://controller:35357/v3 token issue
管理認證使用者
生效環境變量
source /etc/keystone/admin-openrc.sh
建立昵稱為alce的使用者,密碼為mypassword123,郵箱為[email protected],域為demo
openstack user create --password mypassword123 --email [email protected] --domain demo alice
建立項目acme
openstack project create --domain demo acme
建立角色
openstack role create compute-user
給使用者alice配置設定項目acme下的compute-user角色。
openstack role add --user alice --project acme compute-user
顯示使用者admin
openstack user show admin
顯示項目
openstack project show ceme
顯示管理者角色
openstack role show admin
建立項目-
建立業務部BS_dept
openstack project create --domain demo BS_dept
建立it部it_dept的租戶
openstack project create --domain demo IT_dept
建立使用者賬号
cli界面為業務部門建立一個名為BS_Dept的租戶
openstack project create --domain=demo BS_Dept
cli界面為IT部門建立一個名為IT_Dept的租戶
openstack project create --domain=demo IT_Dept
cli界面為IT部門建立一個名為RD_Dept的租戶
openstack project create --domain=demo RD_Dept
RD_Dept 建立rduser01
openstack user create --domain=demo --password cloudpassword --email [email protected] --project RD_Dept rduser01
給業務部BS_Dept建立使用者bsuser01
openstack user create --domain=demo --password cloudpassword --email [email protected] --project BS_Dept bsuser01
給業務部BS_Dept建立使用者bsuser02
openstack user create --domin=demo --password cloudpassword --email [email protected] --project BS_Dept bsuser02
給業務部IT_Dept建立使用者ituser01
openstack user create --domain=demo --password cloudpassword --email [email protected] --project IT_Dept ituser01
綁定使用者權限
界面化綁定權限
bsuser01屬于compute-user
openstack role add --domain=demo --user=bsuser01 compute-user
openstack role add --domain=demo --group=BS_Dept compute-user
圖形化綁定權限
打開
dashboard
,找到管理者選項,選中’項目’,選擇‘管理使用者’,進入‘編輯虛項目’
直達網址
http://192.168.100.10/dashboard/identity/
第七章
一、消息服務
1、檢測RabbitMQ服務
source /etc/keystone/admin-openrc.sh
rpm -qa|grep rabbitmq
如果檢測沒有服務,就可以通過
yum install -y rabbitmq -server
進行安裝
2、RabbitMQ服務使用者操作
①查詢目前使用者清單
rabbitmqctl list_users
②建立rabbitmq使用者openstack
rabbitmqctl add_user openstck 000000
rabbitmqctl list_users
3、賦予消息隊列服務使用者通路權限
①賦予openstack使用者對所有資源讀寫的權限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
②查詢openstack使用者所擁有的權限
rabbitmqctl list_user_permissions openstack
第八章
一、鏡像服務
1、鏡像服務基本操作
(1)指令行方式進行鏡像建立、查詢、删除和修改鏡像。
①查詢Glance版本
查詢Glance服務清單
source /etc/keystone/admin-openrc.sh
openstack-service list|grep glance
②檢測Glance服務是否啟動
openstack-service status|grep glance
③查詢glance-control版本
glance-control --version
(2)建立鏡像
①使用終端軟體上傳CirrOS鏡像到contrller的/tmp/images目錄中,并檢視
mkdir /tmp/images
cd /tmp/images/tmp/images
wget http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
②檢視鏡像檔案資訊
[root@controller images]# file cirros-0.3.2-x86_64-disk.img
③使用指令行建立鏡像
source /etc/keystone/admin-openrc.sh
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --progress < cirros-0.3.2-x86_64-disk.img
④查詢鏡像清單
glance image-list
(3) 更改鏡像
①擷取鏡像詳細資訊
glance image-show 2dcb1ef3-7cfa-41b2-9156-24293b7122d1
這裡的2dcb1ef3-7cfa-41b2-9156-24293b7122d1和④查詢鏡像清單的ID一模一樣
②修改鏡像啟動硬碟所需大小
glance image-update --min-disk=1 2dcb1ef3-7cfa-41b2-9156-24293b7122d1
③删除鏡像
glance image-delete 2dcb1ef3-7cfa-41b2-9156-24293b7122d1
glance image-list
二、制作Centos7.2鏡像 制作Centos7.2鏡像
(1)挂載Centos7.2的iso檔案,如果在/opt目錄下有相應的目錄就不用挂載
挂載centos7
[root@controller ~]# mkdir /opt/centos7
[root@controller ~]# mount -o loop /dev/cdrom /mnt/
[root@controller ~]# cp -rf /mnt/* /opt/centos7
[root@controller ~]# umount /mnt/
挂載xiandian
[root@controller ~]# mount -o loop /dev/cdrom /mnt/
[root@controller ~]# mkdir /opt/iaas
[root@controller ~]# cp -rf /mnt/* /opt/iaas
[root@controller ~]# umount /mnt/
(2)安裝虛拟化工具軟體包qemu-kvm和libvirt
yum install -y qemu-kvm libvirt
###qemu-kvm用來建立虛拟機硬碟,libvirt用來管理虛拟機
(3)安裝虛拟化工具軟體包virt-install,用來建立虛拟機
yum install -y virt-install
(4)啟動libvirtd
如果
ip a
不能顯示,那就
yum install -y net -tools
cd /usr/local/bin
systemctl start libvirtd && systemctl enable libvirtd
能看見virbr0 就為成功
ip a
(5)使用KVM建立CentOS7的虛拟機
① 使用qemu指令建立一個10G的硬碟的虛拟機(最小10,G,可以更多),虛拟機的名稱為: CentOS-7-x86_64.raw。
[root@controller /]# qemu-img create -f raw /opt/CentOS-7-x86_64.raw 10G
Formatting '/opt/CentOS-7-x86_64.raw', fmt=raw size=10737418240
[root@controller /]# ll -h /opt
total 36K
drwxr-xr-x. 8 root root 4.0K Apr 20 11:24 centos
drwxr-xr-x. 8 root root 4.0K May 22 20:05 centos7
-rw-r--r--. 1 root root 10G May 22 20:18 CentOS-7-x86_64.raw
-rw-r--r--. 1 root root 1.7K Dec 9 2015 CentOS-Base.repo
-rw-r--r--. 1 root root 1.3K Dec 9 2015 CentOS-CR.repo
-rw-r--r--. 1 root root 649 Dec 9 2015 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root 290 Dec 9 2015 CentOS-fasttrack.repo
-rw-r--r--. 1 root root 630 Dec 9 2015 CentOS-Media.repo
-rw-r--r--. 1 root root 1.3K Dec 9 2015 CentOS-Sources.repo
-rw-r--r--. 1 root root 2.0K Dec 9 2015 CentOS-Vault.repo
drwxr-xr-x. 4 root root 35 May 22 20:09 iaas
[root@controller /]#
②使用virt-install建立名稱為CentOS-7-x86_64的虛拟機,在建立之前,先上傳一個CentOS7的ISO鏡像
③建立虛拟機
這裡的/opt/CentOS-7-x86_64-DVD-1511.iso 是我上傳的鏡像
virt-install --virt-type kvm --name CentOS-7-x86_64 --ram 1024 --cdrom=/opt/CentOS-7-x86_64-DVD-1511.iso --disk path=/opt/CentOS-7-x86_64.raw --network network=default --graphics vnc,listen=0.0.0.0 --noautoconsole
④使用TightVNC工具,連接配接主機IP 192.168.100.10 設定安裝作業系統的網卡名稱為eth0
安裝步驟和我們平時安裝作業系統的方法一樣,安裝完成後,可以使用virsh list --all顯示KVM上所有的虛拟機
[root@controller /]# virsh list --all
Id Name State
----------------------------------------------------
2 CentOS-7-x86_64 running
⑤ 管理KVM
a.使用virsh啟動KVM中的虛拟機
[root@controller /]# virsh list --all
Id Name State
----------------------------------------------------
2 CentOS-7-x86_64 running
[root@controller /]# virsh start CentOS-7-x86_64
Domain CentOS-7-x86_64 started
[root@controller /]#
b.配置網卡ip位址、重新開機網卡
vi /etc/sysconfig/network-script/ifcfg-eth0
c.關閉虛拟機,如圖4-25所示
poweroff
鏡像格式轉換
[root@controller ~]# qemu-img convert -f raw /opt/CentOS-7-x86_64.raw /opt/CentOS-7-x86_64.qcow2
可以看到/opt目錄下已經存在QCOW2格式的檔案了
第9周
一、上傳鏡像
二、網絡基本操作
①列出系統擴充指令
[root@controller ~]# neutron ext-list -c alias -c name
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| fwaasrouterinsertion | Firewall Router insertion |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| lbaas | LoadBalancing service |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| lbaas_agent_scheduler | Loadbalancer Agent Scheduler |
| fwaas | Firewall service |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| service-type | Neutron Service Type Management |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
[root@controller ~]#
②修改網絡模式
[root@controller ~]# sed -i '101s/flat/vxlan/g' /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
[root@controller ~]# openstack-service restart
[root@controller ~]#
③建立網絡
[root@controller ~]# neutron net-create ext-net --shared --router:external=True
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T14:17:34 |
| description | |
| id | 63272d18-d201-4365-9f18-90a637d10afd |
| ipv4_address_scope | |
| ipv6_address_scope | |
| is_default | False |
| mtu | 1458 |
| name | ext-net |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 23 |
| router:external | True |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T14:17:34 |
+---------------------------+--------------------------------------+
[root@controller ~]#
④建立子網
[root@controller ~]# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=172.24.7.100,end=172.24.7.200 --disable-dhcp --gateway 172.24.7.254 172.24.7.0/24
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation_pools | {"start": "172.24.7.100", "end": "172.24.7.200"} |
| cidr | 172.24.7.0/24 |
| created_at | 2020-05-22T14:23:30 |
| description | |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 172.24.7.254 |
| host_routes | |
| id | 99489de3-a1c9-4825-aa41-9e462bb8e5d7 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | ext-subnet |
| network_id | 63272d18-d201-4365-9f18-90a637d10afd |
| subnetpool_id | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T14:23:30 |
+-------------------+--------------------------------------------------+
[root@controller ~]#
⑤建立租戶網絡
[root@controller ~]# neutron net-create demo-net
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T14:24:49 |
| description | |
| id | 23498729-7c88-4bf8-be39-dfa4b2533314 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1458 |
| name | demo-net |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 36 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T14:24:49 |
+---------------------------+--------------------------------------+
⑥建立使用者子網
[root@controller ~]# neutron subnet-create demo-net --name demo-subnet --gateway 10.0.0.1 10.0.0.0/24
Created a new subnet:
+-------------------+--------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------+
| allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} |
| cidr | 10.0.0.0/24 |
| created_at | 2020-05-22T14:25:38 |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 657dcd0d-b8ac-41de-8f83-da89b726d2ea |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | demo-subnet |
| network_id | 23498729-7c88-4bf8-be39-dfa4b2533314 |
| subnetpool_id | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T14:25:38 |
+-------------------+--------------------------------------------+
⑦建立子網
[root@controller ~]# neutron router-create router1
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| distributed | False |
| external_gateway_info | |
| ha | False |
| id | 75d3172a-bfbc-491b-b480-c60083288b93 |
| name | router1 |
| routes | |
| status | ACTIVE |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
+-------------------------+--------------------------------------+
[root@controller ~]#
第十周
(1)通過Dashboard界面和指令行方式完成任務
①建立各部門項目
②建立各部門項目
③指令行方式來建立外來通路使用網絡
[root@controller ~]# neutron net-create Guest-Net
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T15:15:00 |
| description | |
| id | 2c92059d-7240-4f36-bcc8-cec80384a473 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1458 |
| name | Guest-Net |
| port_security_enabled | True |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 83 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T15:15:00 |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron subnet-create --name Guest-Subnet --gateway 172.24.6.1 --allocation-pool start=172.24.6.2,end=172.24.6.254 Guest-Net 172.24.6.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.24.6.2", "end": "172.24.6.254"} |
| cidr | 172.24.6.0/24 |
| created_at | 2020-05-22T15:15:11 |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 172.24.6.1 |
| host_routes | |
| id | 9a1c5121-8bfb-4468-8774-1025cb635425 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | Guest-Subnet |
| network_id | 2c92059d-7240-4f36-bcc8-cec80384a473 |
| subnetpool_id | |
| tenant_id | e37b17396c1348ea8776273f3a98982c |
| updated_at | 2020-05-22T15:15:11 |
+-------------------+------------------------------------------------+
建立子網
檢視項目清單
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 09aa6abf846140619b17344c30dbbb68 | BS_Dept |
| 1665d6505d0c4c69a11368873b742edc | service |
| 3e7a2b3a775945f3b764e38c4f3d82ab | acme |
| 4471ff03335f414c97fa17e2da46ed54 | RD_Dept |
| 748ae79006f5403c9a00d9ce750683c8 | IT_Dept |
| e37b17396c1348ea8776273f3a98982c | admin |
| f5e6fabc9d3340429a31901584d21609 | demo |
+----------------------------------+---------+
[root@controller ~]#
a.為項目研發部建立網絡和子網
[root@controller ~]# openstack network create --project 4471ff03335f414c97fa17e2da46ed54 RD_net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2020-05-22T15:02:57 |
| description | |
| headers | |
| id | d749e730-1866-4832-a0b7-db576f158457 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1458 |
| name | RD_net |
| port_security_enabled | True |
| project_id | 4471ff03335f414c97fa17e2da46ed54 |
| provider:network_type | gre |
| provider:physical_network | None |
| provider:segmentation_id | 16 |
| router_external | Internal |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2020-05-22T15:02:57 |
+---------------------------+--------------------------------------+
④Dashboard界面建立網絡隔離
1)建立研發部安全組規則
[root@controller ~]# nova secgroup-create RD_Rule RD
+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| f9650ccd-3bc4-42f0-8666-5ba88fa890ee | RD_Rule | RD |
+--------------------------------------+---------+-------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule ICMP -1 -1 172.24.3.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.3.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule TCP 1 65535 172.24.3.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| tcp | 1 | 65535 | 172.24.3.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule UDP 1 65535 172.24.3.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.3.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule ICMP -1 -1 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule TCP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| tcp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule RD_Rule UDP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-list-rules RD_Rule
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.3.0/24 | |
| udp | 1 | 65535 | 172.24.5.0/24 | |
| udp | 1 | 65535 | 172.24.3.0/24 | |
| tcp | 1 | 65535 | 172.24.3.0/24 | |
| icmp | -1 | -1 | 172.24.5.0/24 | |
| tcp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]#
2)建立業務部安全組規則
[root@controller ~]# nova secgroup-create BS_Rule BS
+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| ca565374-7a44-4260-8287-198bba2c1546 | BS_Rule | BS |
+--------------------------------------+---------+-------------+
[root@controller ~]# nova secgroup-add-rule BS_Rule ICMP -1 -1 172.24.4.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.4.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule BS_Rule TCP 1 65535 172.24.4.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| tcp | 1 | 65535 | 172.24.4.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule BS_Rule UDP 1 65535 172.24.4.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.4.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule BS_Rule ICMP -1 -1 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule BS_Rule TCP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| tcp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]#
[root@controller ~]# nova secgroup-add-rule BS_Rule UDP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]#
[root@controller ~]# nova secgroup-list-rules BS_Rule
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.4.0/24 | |
| icmp | -1 | -1 | 172.24.4.0/24 | |
| icmp | -1 | -1 | 172.24.5.0/24 | |
| tcp | 1 | 65535 | 172.24.4.0/24 | |
| tcp | 1 | 65535 | 172.24.5.0/24 | |
| udp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]#
3)建立工程部安全組規則
[root@controller ~]# nova secgroup-create IT_Rule IT
+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| a4eb6a87-e636-4dca-a19e-2fcf24580914 | IT_Rule | IT |
+--------------------------------------+---------+-------------+
[root@controller ~]# nova secgroup-add-rule IT_Rule ICMP -1 -1 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| icmp | -1 | -1 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]#
[root@controller ~]# nova secgroup-add-rule IT_Rule TCP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| tcp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-add-rule IT_Rule UDP 1 65535 172.24.5.0/24
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
[root@controller ~]# nova secgroup-list-rules IT_Rule
+-------------+-----------+---------+---------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+---------------+--------------+
| udp | 1 | 65535 | 172.24.5.0/24 | |
| icmp | -1 | -1 | 172.24.5.0/24 | |
| tcp | 1 | 65535 | 172.24.5.0/24 | |
+-------------+-----------+---------+---------------+--------------+
⑤Dashboard界面建立路由器
第十周作業2
一.計算服務的基本操作
(1)檢測Nova服務是否安裝
(2)檢測Nova服務清單
(3)檢測Nova服務的運作狀态
(4)Nova管理鏡像
①nova擷取鏡像清單
②nova查詢鏡像詳細資訊
(5)Nova管理安全組規則
①建立安全組
②安全組添加規則
代碼部分
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# rpm -qa | grep nova
openstack-nova-common-13.1.0-1.el7.noarch
openstack-nova-conductor-13.1.0-1.el7.noarch
python-nova-13.1.0-1.el7.noarch
openstack-nova-scheduler-13.1.0-1.el7.noarch
openstack-nova-api-13.1.0-1.el7.noarch
openstack-nova-novncproxy-13.1.0-1.el7.noarch
openstack-nova-console-13.1.0-1.el7.noarch
python-novaclient-3.3.1-1.el7.noarch
[root@controller ~]# openstack-service list
neutron-dhcp-agent
neutron-l3-agent
neutron-metadata-agent
neutron-openvswitch-agent
neutron-server
openstack-glance-api
openstack-glance-registry
openstack-nova-api
openstack-nova-conductor
openstack-nova-consoleauth
openstack-nova-novncproxy
openstack-nova-scheduler
[root@controller ~]# clear
[root@controller ~]# openstack-service list | grep nova
openstack-nova-api
openstack-nova-conductor
openstack-nova-consoleauth
openstack-nova-novncproxy
openstack-nova-scheduler
[root@controller ~]# openstack-service status | grep nova
MainPID=59757 Id=openstack-nova-api.service ActiveState=active
MainPID=59704 Id=openstack-nova-conductor.service ActiveState=active
MainPID=59727 Id=openstack-nova-consoleauth.service ActiveState=active
MainPID=59677 Id=openstack-nova-novncproxy.service ActiveState=active
MainPID=59698 Id=openstack-nova-scheduler.service ActiveState=active
[root@controller ~]# nova image-list
+--------------------------------------+------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+------+--------+--------+
| 6594559e-7d0a-4ab2-b8da-9e3bbb11f156 | iaas | ACTIVE | |
+--------------------------------------+------+--------+--------+
[root@controller ~]#
[root@controller ~]# nova image-show 6594559e-7d0a-4ab2-b8da-9e3bbb11f156
+----------------------+--------------------------------------+
| Property | Value |
+----------------------+--------------------------------------+
| OS-EXT-IMG-SIZE:size | 2851502080 |
| created | 2020-05-22T14:12:24Z |
| id | 6594559e-7d0a-4ab2-b8da-9e3bbb11f156 |
| minDisk | 0 |
| minRam | 0 |
| name | iaas |
| progress | 100 |
| status | ACTIVE |
| updated | 2020-05-22T14:12:36Z |
+----------------------+--------------------------------------+
[root@controller ~]# nova secgroup-create test 'test the nova command about the rules'
+--------------------------------------+------+---------------------------------------+
| Id | Name | Description |
+--------------------------------------+------+---------------------------------------+
| 016370e2-6175-47be-8696-c33b86e8dd03 | test | test the nova command about the rules |
+--------------------------------------+------+---------------------------------------+
[root@controller ~]# nova secgroup-add-rule test icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
[root@controller ~]#
二、在Dashboard界面上啟動和部署雲主機,并進行測試
(1)上傳一個鏡像
(2)配置一個網絡架構
①增加二層的外部網絡
②增加二層的内部網絡
(3)部署和啟動雲主機,并進行測試,如圖6-18所示。
(4)測試網絡部分,如圖6-19所示。
測試網絡是指讓實體機可以通過外網192.168.200網段連接配接雲主機。