Creating an OpenStack Cloud Instance [6]
Date: 2016-11-28
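Create a virtual network
Create the m1.nano flavor (equivalent to defining the virtual machine's hardware configuration)
Generate a key pair (OpenStack's approach is to connect with key pairs rather than passwords)
Add security group rules (security groups are implemented with iptables)
Launch an instance (from the command line; there are three ways to launch a virtual machine: 1. CLI 2. API 3. Dashboard). In fact, the Dashboard also connects through the API.
Block Storage
Orchestration
Shared File Systems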
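Virtual networks are divided into provider networks and private networks. A provider network is on the same network as the hosts; a private network is equivalent to creating a separate router and is not on the same network as the hosts.
Provider network architecture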
1. Create the virtual network
Note: the virtual network must be created with admin privileges.
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2016-11-22T01:52:36                  |
| description               |                                      |
| id                        | b9f2214e-14a6-4988-b199-ad72eff0d6b9 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | public-net                           |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 026a58f98402437fa95ef4a21fbd4d1a     |
| updated_at                | 2016-11-22T01:52:36                  |
+---------------------------+--------------------------------------+
Explanation of the neutron net-create arguments:
--shared: a shared network
--provider:physical_network public: the physical network; public is the name of the physical network
--provider:network_type flat: the type of network to create is flat
public-net: a name of your own choosing
Check that the network was created
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+---------+
| id                                   | name       | subnets |
+--------------------------------------+------------+---------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net |         |
+--------------------------------------+------------+---------+
Now we also need to create a subnet
[root@linux-node1 ~]# neutron subnet-create --name public-subnet --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 223.5.5.5 --gateway 192.168.56.2 public-net 192.168.56.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.56.100", "end": "192.168.56.200"} |
| cidr              | 192.168.56.0/24                                      |
| created_at        | 2016-11-22T02:05:06                                  |
| description       |                                                      |
| dns_nameservers   | 223.5.5.5                                            |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.56.2                                         |
| host_routes       |                                                      |
| id                | 696eb806-f548-46c2-a653-d05724446daf                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | public-subnet                                        |
| network_id        | b9f2214e-14a6-4988-b199-ad72eff0d6b9                 |
| subnetpool_id     |                                                      |
| tenant_id         | 026a58f98402437fa95ef4a21fbd4d1a                     |
| updated_at        | 2016-11-22T02:05:06                                  |
+-------------------+------------------------------------------------------+
Explanation of the neutron subnet-create (create a subnet) arguments:
--name: the subnet name
--allocation-pool: the address pool to allocate from
start=: the first IP address
end=: the last IP address
--dns-nameserver: the DNS server address
--gateway: the gateway
provider: the provider network (must correspond to the name used when the network was created)
Check that the subnet is associated with the network
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+------------------------------------------------------+
| id                                   | name       | subnets                                              |
+--------------------------------------+------------+------------------------------------------------------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf 192.168.56.0/24 |
+--------------------------------------+------------+------------------------------------------------------+
View the subnet
[root@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| id                                   | name          | cidr            | allocation_pools                                     |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| 696eb806-f548-46c2-a653-d05724446daf | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
2. Create the m1.nano flavor
The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB. If the purpose is purely testing, use the m1.nano flavor to boot the CirrOS image.
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
Explanation of the openstack flavor create (create a flavor) arguments:
--id: the flavor ID
--vcpus: the number of CPUs
--ram: 64 MB (if you want gigabytes, just write 64G)
--disk: the disk size (the unit is GB)
View the flavors
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
Note: IDs 1-5 are the defaults; 0 is the one we created.
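Generate a key pair
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
Note: we perform these steps as the demo user.
Generate the key
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):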
Create the key pair in OpenStack
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
| name        | mykey                                           |
| user_id     | a78ec26501374df4a574bd3f8153d67f                |
+-------------+-------------------------------------------------+
Verify
[root@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
+-------+-------------------------------------------------+
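To confirm that the key registered in the Compute service is the one on disk, the check below (an added example, not part of the original post) computes the MD5 fingerprint of a public key file and looks it up in `openstack keypair list` output. The function names and the sample key are constructed for illustration; `ssh-keygen -l -E md5 -f <file>` prints the same fingerprint.

```shell
#!/usr/bin/env bash
# Added example: check that a local public key matches a keypair fingerprint
# as printed by `openstack keypair list`. Function names are hypothetical.

# MD5 fingerprint (aa:bb:... form) of an OpenSSH public key file.
# The fingerprint is the MD5 of the base64-decoded key blob (second field).
pubkey_md5_fp() {
  awk '{ print $2; exit }' "$1" | base64 -d | md5sum |
    cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Read a keypair-list table on stdin; succeed only if keypair $2 is listed
# with the fingerprint of public key file $1.
keypair_matches() {
  local fp
  fp="$(pubkey_md5_fp "$1")"
  awk -F'|' -v name="$2" -v fp="$fp" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 3 && trim($2) == name && trim($3) == fp { found = 1 }
    END { exit !found }
  '
}

# Constructed sample: a truncated ssh-rsa blob (not a usable key), written to a
# temporary file so the example runs without touching ~/.ssh.
make_sample_key() {
  local f
  f="$(mktemp)"
  echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed@example' > "$f"
  echo "$f"
}

# Table in the keypair-list format, with the fingerprint recorded on this page.
page_keypair_table() {
  cat <<'EOF'
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
+-------+-------------------------------------------------+
EOF
}

key="$(make_sample_key)"
if page_keypair_table | keypair_matches "$key" mykey; then
  echo "mykey matches $key"
else
  echo "mykey does NOT match $key (a different key is registered)"
fi
rm -f "$key"
```

In real use, pipe the live `openstack keypair list` output into `keypair_matches ~/.ssh/id_rsa.pub mykey`; a mismatch means the instance will trust a key other than the one you hold.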
Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny access to instances. For Linux images like this one, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group
Permit ICMP (ping)
[root@linux-node1 ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 2a2af0f1-e3ab-426d-9716-10615bec3e75 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
Permit secure shell (SSH) access:
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 94aa695c-58dc-4033-8c26-58f7f5482051 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
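Both rules above come back with ip_range 0.0.0.0/0, so ping and SSH are accepted from any source address. The following audit helper is an added example, not part of the original post: it reads rule tables in the format shown above and lists every rule open to all sources. The function names and the third sample rule (with a placeholder id) are constructed.

```shell
#!/usr/bin/env bash
# Added example: list security group rules that accept traffic from any source.
# Parses the "Field | Value" tables printed by
# `openstack security group rule create` (field names as shown on this page).

# Prints one line per world-open rule: "<protocol> <port_range|any> <rule id>"
audit_open_rules() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() {
      if (src == "0.0.0.0/0" || src == "::/0")
        print proto, (ports == "" ? "any" : ports), id
      id = proto = src = ports = ""
    }
    NF >= 3 {
      key = trim($2); val = trim($3)
      if (key == "id") { if (id != "") emit(); id = val }
      else if (key == "ip_protocol") proto = val
      else if (key == "ip_range")    src = val
      else if (key == "port_range")  ports = val
    }
    END { if (id != "") emit() }
  '
}

# Sample input: the two rules created above (rows trimmed to what the check
# reads) plus one constructed rule limited to the lab subnet, with a placeholder id.
sample_rules() {
  cat <<'EOF'
| Field       | Value                                |
| id          | 2a2af0f1-e3ab-426d-9716-10615bec3e75 |
| ip_protocol | icmp                                 |
| ip_range    | 0.0.0.0/0                            |
| port_range  |                                      |
| Field       | Value                                |
| id          | 94aa695c-58dc-4033-8c26-58f7f5482051 |
| ip_protocol | tcp                                  |
| ip_range    | 0.0.0.0/0                            |
| port_range  | 22:22                                |
| Field       | Value                                |
| id          | 00000000-0000-0000-0000-000000000000 |
| ip_protocol | tcp                                  |
| ip_range    | 192.168.56.0/24                      |
| port_range  | 22:22                                |
EOF
}

sample_rules | audit_open_rules
```

On the client release used on this page, a rule can be limited to a source network with `--src-ip <CIDR>` (renamed `--remote-ip` in later releases) instead of the default 0.0.0.0/0.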
Launch an instance
Create an instance on the public network
Determine the instance options
To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.
We again use the demo user for these steps.
List the available flavors
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
We already created one above; its name is m1.nano.
List the available images
[root@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| fc67361d-ad30-40b2-9d96-941e50fc17f5 | cirros | active |
+--------------------------------------+--------+--------+
List the available networks
[root@linux-node1 ~]# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID                                   | Name       | Subnets                              |
+--------------------------------------+------------+--------------------------------------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf |
+--------------------------------------+------------+--------------------------------------+
When specifying the network, use its ID rather than its name.
List the available security groups
[root@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 | default | Default security group | ff5398ee1b2e4d00bafd57f82dc150e6 |
+--------------------------------------+---------+------------------------+----------------------------------+
Create the instance
Launch the instance:
Replace PUBLIC_NET_ID with the ID of the provider public network.
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=b9f2214e-14a6-4988-b199-ad72eff0d6b9 --security-group default \
  --key-name mykey provider-instance
+--------------------------------------+----------------------------------------------------------+
| Field                                | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                   |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-STS:power_state               | 0                                                        |
| OS-EXT-STS:task_state                | block_device_mapping                                     |
| OS-EXT-STS:vm_state                  | building                                                 |
| OS-SRV-USG:launched_at               | None                                                     |
| OS-SRV-USG:terminated_at             | None                                                     |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| addresses                            |                                                          |
| adminPass                            | e6aHhdr43Hjz                                             |
| config_drive                         |                                                          |
| created                              | 2016-11-22T03:48:01Z                                     |
| flavor                               | m1.nano (0)                                              |
| hostId                               | 6248511bd1ebfa25a7a99fe7c357194cc5fe54249b0228cc94fd51fd |
| id                                   | 55877c1a-7a08-4ddd-95a6-3c5376ba5c55                     |
| image                                | cirros (fc67361d-ad30-40b2-9d96-941e50fc17f5)            |
| key_name                             | mykey                                                    |
| name                                 | provider-instance                                        |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| project_id                           | ff5398ee1b2e4d00bafd57f82dc150e6                         |
| properties                           |                                                          |
| security_groups                      | [{u'name': u'default'}]                                  |
| status                               | BUILD                                                    |
| updated                              | 2016-11-22T03:48:02Z                                     |
| user_id                              | a78ec26501374df4a574bd3f8153d67f                         |
+--------------------------------------+----------------------------------------------------------+
Explanation of the openstack server create (create an instance) arguments:
--flavor: the flavor to create the instance with
--image: the image
--nic net-id=: the network ID
--security-group: the security group to apply
--key-name: the key to use
The last argument is the instance name.
Check
[root@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID                                   | Name              | Status | Networks                  |
+--------------------------------------+-------------------+--------+---------------------------+
| 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
+--------------------------------------+-------------------+--------+---------------------------+
If the virtual machine cannot be created, we need to look through all of the logs. You can simply use:
grep 'ERROR' /var/log/nova/*
grep 'ERROR' /var/log/neutron/*
grep 'ERROR' /var/log/glance/*
grep 'ERROR' /var/log/keystone/*
Also check iptables, SELinux, time synchronization, and so on.
Note: this must be done on both the controller node and the compute node, because the virtual machine is created on the compute node. It is best to clear the logs beforehand.
Test the IP address
[root@linux-node1 ~]# ping 192.168.56.101
PING 192.168.56.101 (192.168.56.101) 56(84) bytes of data.
64 bytes from 192.168.56.101: icmp_seq=1 ttl=64 time=0.784 ms
64 bytes from 192.168.56.101: icmp_seq=2 ttl=64 time=0.578 ms
64 bytes from 192.168.56.101: icmp_seq=3 ttl=64 time=0.426 ms
Delete the virtual machine
[root@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID                                   | Name              | Status | Networks                  |
+--------------------------------------+-------------------+--------+---------------------------+
| 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
+--------------------------------------+-------------------+--------+---------------------------+
[root@linux-node1 ~]# openstack server delete 55877c1a-7a08-4ddd-95a6-3c5376ba5c55
[root@linux-node1 ~]# openstack server list
nova service-list
neutron agent-list
nova image-list
Note: we created the virtual machine as the demo user, so to view the instances we must also use the demo script.
Access the instance using the virtual console
Obtain a Virtual Network Computing (VNC) session URL for your instance and access it from a web browser:
[root@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID                                   | Name              | Status | Networks                  |
+--------------------------------------+-------------------+--------+---------------------------+
| 62d3f70e-ed8e-4840-8104-99fd2de7e689 | provider-instance | ACTIVE | public-net=192.168.56.104 |
+--------------------------------------+-------------------+--------+---------------------------+
The argument after show is the name of our server.
[root@linux-node1 ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value                                                                              |
+-------+------------------------------------------------------------------------------------+
| type  | novnc                                                                              |
| url   | http://192.168.56.11:6080/vnc_auto.html?token=4b7925f4-773f-4a24-89f7-f5daea6a591c |
+-------+------------------------------------------------------------------------------------+