1. Use the admin environment variables:
. /scripts/admin-openstack.sh
# Note: run this on the controller node;
2. Check the listening ports:
netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9696
# neutron service;
tcp 0 0 0.0.0.0:6080
# novncproxy service;
tcp 0 0 0.0.0.0:8774
# nova service;
tcp 0 0 0.0.0.0:8775
# nova service;
tcp 0 0 0.0.0.0:9191
# glance service;
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 1211/beam
tcp 0 0 172.16.1.11:3306 0.0.0.0:* LISTEN 1378/mysqld
tcp 0 0 172.16.1.11:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 0.0.0.0:9292
# glance service;
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1192/sshd
tcp 0 0 0.0.0.0:15672
# RabbitMQ web management interface;
tcp6 0 0 :::5672
# RabbitMQ service;
tcp6 0 0 :::5000
# keystone service;
tcp6 0 0 :::8778
# placement service;
tcp6 0 0 ::1:11211 :::* LISTEN 1208/memcached
tcp6 0 0 :::80 :::* LISTEN 1209/httpd
tcp6 0 0 :::22 :::* LISTEN 1192/sshd
udp 0 0 127.0.0.1:323 0.0.0.0:* 894/chronyd
udp 0 0 0.0.0.0:123 0.0.0.0:* 894/chronyd
udp6 0 0 ::1:323chronyd
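Added example (not part of the original walkthrough): in the listing above most API ports are bound to 0.0.0.0, while mysqld and memcached listen only on 172.16.1.11 or loopback. The script below classifies each known listener by bind address; the function names are chosen here, and the sample rows for the truncated entries carry constructed PID/program fields.

```shell
#!/bin/sh
# Added example: classify the bind address of each known OpenStack listener.
# Service names follow the annotations in the listing above; 3306 and 11211
# are named after the mysqld and memcached rows.

# Sample input: rows copied from the listing, plus rows for the truncated
# entries completed with constructed PID/program fields.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 2001/constructed
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 2002/constructed
tcp 0 0 172.16.1.11:3306 0.0.0.0:* LISTEN 1378/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1208/memcached
tcp6 0 0 :::5000 :::* LISTEN 2003/constructed
tcp6 0 0 ::1:11211 :::* LISTEN 1208/memcached
udp 0 0 0.0.0.0:123 0.0.0.0:* 894/chronyd'

# Reads `netstat -tunlp` output on stdin and prints one line per known TCP
# listener: "<port> <service> <bind address> <wildcard|loopback|scoped>".
audit_listeners() {
    awk '
    BEGIN {
        svc[9696] = "neutron";  svc[6080] = "novncproxy"
        svc[8774] = "nova";     svc[8775] = "nova"
        svc[9191] = "glance";   svc[9292] = "glance"
        svc[15672] = "rabbitmq-web"; svc[5672] = "rabbitmq"
        svc[5000] = "keystone"; svc[8778] = "placement"
        svc[3306] = "mysql";    svc[11211] = "memcached"
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # The port is the text after the last colon; this also handles
        # IPv6 forms such as ":::5000" and "::1:11211".
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in svc)) next
        scope = "scoped"
        if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
        else if (addr == "127.0.0.1" || addr == "::1") scope = "loopback"
        print port, svc[port], addr, scope
    }' | sort -n
}

# Only the listeners reachable on every interface of the controller.
wildcard_listeners() {
    audit_listeners | awk '$4 == "wildcard"'
}

printf '%s\n' "$SAMPLE" | wildcard_listeners
```

On the controller itself, feed it live data with: netstat -tunlp | wildcard_listeners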
3. Check the services:
(1) Check the keystone and glance services:
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| a036ec33-6df8-45ec-adbe-4b0ac189dc8c | cirros | active |
+--------------------------------------+--------+--------+
(2) Check the nova service:
openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2019-03-30T10:26:57.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2019-03-30T10:27:01.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-03-30T10:26:56.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2019-03-30T10:26:57.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
(3) Check the neutron service:
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 1210dc27-0620-49d4-850e-2d3c86cf6a43 | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 2aed088c-e3a4-4714-a63d-3056eabddafa | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| 2ccc602e-29d4-46b2-a501-19a17a6a9b8f | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 7021bdb8-e775-4c88-8976-06c1549f0440 | Linux bridge agent | compute1 | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
(4) Check the neutron network interfaces:
brctl show
bridge name bridge id STP enabled interfaces
brqc148981c-3a 8000.000c29e416df no eth0
tap8c4ff3d7-3e
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.253 0.0.0.0 UG 99 0 0 brqc148981c-3a
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 brqc148981c-3a
172.16.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
4. Create the virtual network (networking option 1: provider network):
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
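(1) Parameter descriptions:
--share # allow all projects to use the virtual network;
--external # define the virtual network as external; to create an internal network use --internal instead, and the default is internal;
--provider-physical-network provider # the physical network interface to create the network on;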
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
--provider-network-type flat provider # the network type is flat, and the network is named provider;
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = provider
5. Create a subnet on the virtual network:
openstack subnet create --network provider \
--allocation-pool start=10.0.0.70,end=10.0.0.90 \
--dns-nameserver 114.114.114.114 --gateway 10.0.0.253 \
--subnet-range 10.0.0.0/24 provider-subnet
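(1) Parameter descriptions:
--network provider # the virtual network is named provider;
--allocation-pool start=10.0.0.70,end=10.0.0.90 # address pool range of the subnet;
--dns-nameserver 114.114.114.114 # DNS server address for the subnet;
--gateway 10.0.0.253 # gateway address for the subnet;
--subnet-range 10.0.0.0/24 # network address and mask of the subnet;
provider-subnet # the subnet is named provider-subnet;
(2) Verify the network: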
openstack network list
+------------------------------------------------+-------------+------------------------------------------------------+
| ID | Name | Subnets |
+------------------------------------------------+-------------+------------------------------------------------------+
| c148981c-3a89-4d41-b570-3a04dc71c0b7 | provider | 22439e82-276b-4422-8162-b90805876921 |
+------------------------------------------------+---------------------------------------------------------------------+
openstack subnet list
+-------------------------------------------------------+-------------------+------------------------------------------------+-------------+
| ID | Name | Network | Subnet |
+-------------------------------------------------------+-------------------+------------------------------------------------+-------------+
| 22439e82-276b-4422-8162-b90805876921 | provider-subnet | c148981c-3a89-4d41-b570-3a04dc71c0b7 | 10.0.0.0/24 |
+-------------------------------------------------------+---------------------------------------------------------------------+--------------+
6. Create an instance flavor:
(1) Create it:
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
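Note: the smallest default flavor consumes 512 MB of memory per instance. For environments whose compute nodes have less than 4 GB of memory, we recommend creating a flavor named m1.nano, which needs only 64 MB of memory per instance. Use this flavor only with the CirrOS image, for testing purposes;
(2) View the flavors (virtual machine resource profiles, covering vCPUs, memory and storage):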
openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
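7. Generate a key pair:
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
(1) Source the demo project credentials: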
. /scripts/demo-openstack.sh
Note: the instance is created as the demo user;
(2) Generate a key pair and add the public key:
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
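# Registers the 'id_rsa.pub' public key from /root/.ssh/ with OpenStack as a key pair named mykey; the public key is
# uploaded to the instance, so logging in to it over ssh needs no username/password authentication;
(3) Verify the key pair: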
openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 2d:41:60:94:a9:c8:40:61:df:9e:e9:72:05:35:d9:e7 |
+-------+-------------------------------------------------+
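8. Add security group rules:
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (ssh);
(1) Source the demo project credentials: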
. /scripts/demo-openstack.sh
(2) Allow ICMP (ping):
openstack security group rule create --proto icmp default
(3) Allow secure shell (ssh) access:
openstack security group rule create --proto tcp --dst-port 22 default
(4) Verify the security group:
openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| fab535f0-12e9-4d00-b30f-64cf439a11f7 | default | 預設安全組 | 7c669159485646e08448dedeb506fa2c | [] |
+--------------------------------------+---------+-------------+----------------------------------+------+
9. Launch an instance (networking option 1: provider network):
(1) Source the demo project credentials:
. /scripts/demo-openstack.sh
(2) List the available flavors:
openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
(3) List the available images:
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| a036ec33-6df8-45ec-adbe-4b0ac189dc8c | cirros | active |
+--------------------------------------+--------+--------+
(4) List the available networks:
openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| c148981c-3a89-4d41-b570-3a04dc71c0b7 | provider | 22439e82-276b-4422-8162-b90805876921 |
+--------------------------------------+----------+--------------------------------------+
(5) List the available security groups:
openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| fab535f0-12e9-4d00-b30f-64cf439a11f7 | default | Default security group | 7c669159485646e08448dedeb506fa2c | [] |
+--------------------------------------+---------+-------------+----------------------------------+------+
(6) Launch:
openstack server create --flavor m1.nano --image cirros \
--nic net-id=c148981c-3a89-4d41-b570-3a04dc71c0b7 --security-group default \
--key-name mykey provider-instance
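1) Parameter descriptions:
--flavor m1.nano # the instance flavor;
--image cirros # name of the instance image;
--nic net-id=c148981c-3a89-4d41-b570-3a04dc71c0b7 # ID of the virtual network created earlier;
--security-group default # use the default security group;
--key-name mykey # use the key pair named mykey;
provider-instance # name of the instance to create;
(7) Check the instance status: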
openstack server list
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
| b431f17d-0a1a-491c-9020-05da958cddd0 | provider-instance | ACTIVE
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
Addendum: to manage the instance: openstack server reboot/start/stop/delete b431f17d-0a1a-491c-9020-05da958cddd0
(8) Get the URL of the instance's virtual console:
openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=61203d7b-ee63-4aba-8cc0-086631bc8b14 |
+-------+---------------------------------------------------------------------------------+
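# Note: the URL above changes each time the command that displays it is run;
10. Verification:
(1) Access the instance through the web interface:
(2) Verify on the compute node:
1) List the virtual machines: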
virsh list --all
Id 名稱 狀态
----------------------------------------------------
2 instance-00000004 running
2) Find the virtual machine's disk location:
virsh domblklist instance-00000004
目标 源
------------------------------------------------
vda /var/lib/nova/instances/b431f17d-0a1a-491c-9020-05da958cddd0/disk
3) Check the host network:
brctl show
bridge name bridge id STP enabled interfaces
brqc148981c-3a 8000.000c2944bb23 no eth0
tapcfd03699-61
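# Tip: the compute node does not create the bridge until a virtual machine has been created;
4) Ping the virtual machine:
(3) Verify on the controller node:
(4) Summary:
The checks above show that the virtual machine is bridged onto the compute node's eth0 interface. Logically, the
virtual machine, the controller node and the compute node can be seen as being on the same network segment, connected to the same switch. You can also change the compute-node interface
that the virtual machine is bridged to, for example eth1, as long as it can communicate with the dhcp-agent on the controller node;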