openstack-rocky安装部署-08启动一个实例
启动一个实例
create m1.nano flavor
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+
生成密钥对并添加公钥
可以跳过,ssh-keygen -q -N "" ,使用现有的公钥
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | 5e:d6:69:52:b4:c3:42:5c:03:aa:22:cc:b8:15:c9:20 | | name | mykey | | user_id | cf86a58ebc3f462c9465beda84ec705c | +-------------+-------------------------------------------------+
验证密钥对的添加
openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | 5e:d6:69:52:b4:c3:42:5c:03:aa:22:cc:b8:15:c9:20 | +-------+-------------------------------------------------+
添加安全组,添加前默认列出如下
默认安全组为default
openstack security group list +--------------------------------------+---------+------------------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------+------------------------+----------------------------------+------+ | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | default | Default security group | c1e6cbf1502141dca4a70c7f500688f3 | [] | +--------------------------------------+---------+------------------------+----------------------------------+------+ #default安全组下规则默认如下 openstack security group rule list default +--------------------------------------+-------------+----------+------------+--------------------------------------+ | ID | IP Protocol | IP Range | Port Range | Remote Security Group | +--------------------------------------+-------------+----------+------------+--------------------------------------+ | 537c047b-360f-4d46-bed8-8c92be248455 | None | None | | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | | 9162d624-c345-404d-899f-94bd29422707 | None | None | | None | | a64b19bf-c05f-4098-b5f1-dfda02084f15 | None | None | | None | | cb5eed38-7a97-4294-b01a-088544b39677 | None | None | | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | +--------------------------------------+-------------+----------+------------+--------------------------------------+ openstack security group show default +-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2019-04-12T06:58:58Z | | description | Default security group | | id | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | | name | default | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | revision_number | 1 | | rules | created_at='2019-04-12T06:58:58Z', direction='ingress', ethertype='IPv4', id='cb5eed38-7a97-4294-b01a-088544b39677', remote_group_id='108a0e13-a1a1-49cb-8d37-3cab72f59728', updated_at='2019-04-12T06:58:58Z' | | | created_at='2019-04-12T06:58:58Z', direction='egress', ethertype='IPv6', id='a64b19bf-c05f-4098-b5f1-dfda02084f15', updated_at='2019-04-12T06:58:58Z' | | | created_at='2019-04-12T06:58:58Z', direction='egress', ethertype='IPv4', id='9162d624-c345-404d-899f-94bd29422707', updated_at='2019-04-12T06:58:58Z' | | | created_at='2019-04-12T06:58:58Z', direction='ingress', ethertype='IPv6', id='537c047b-360f-4d46-bed8-8c92be248455', remote_group_id='108a0e13-a1a1-49cb-8d37-3cab72f59728', updated_at='2019-04-12T06:58:58Z' | | tags | [] | | updated_at | 2019-04-12T06:58:58Z | +-
将规则添加到default安全组
#允许icmp openstack security group rule create --proto icmp default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2019-04-13T09:19:39Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 81edbd34-3d39-4fb1-9f01-14628cc496af | | name | None | | port_range_max | None | | port_range_min | None | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | | updated_at | 2019-04-13T09:19:39Z | +-------------------+--------------------------------------+ #允许ssh openstack security group rule create --proto tcp --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2019-04-13T09:20:23Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | a8ddf715-df86-4727-8656-40f7379a3bae | | name | None | | port_range_max | 22 | | port_range_min | 22 | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | | updated_at | 2019-04-13T09:20:23Z | +-------------------+--------------------------------------+
创建虚拟网络,分俩种网络
网络一:provider network(即,只有公网,虚拟机直接配置公网ip的网卡)
#创建provider提供者网络 #创建网络 --share选项允许所有项目使用虚拟网络 --external选项将虚拟网络定义为外部。如果您希望创建内部网络,则可以使用--internal。默认值是internal。 --provider-physical-network provider \ --provider-network-type flat provider #ml2_conf.ini #[ml2_type_flat] #flat_networks = provider #linuxbridge_agent.ini #[linux_bridge] #physical_interface_mappings = provider:ens33 openstack network create --share --external \ --provider-physical-network provider \ --provider-network-type flat provider +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2019-04-12T06:58:58Z | | description | | | dns_domain | None | | id | 29c05cbd-c675-47fb-adbf-e8568733559b | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1500 | | name | provider | | port_security_enabled | True | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | provider:network_type | flat | | provider:physical_network | provider | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 0 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2019-04-12T06:58:58Z | +---------------------------+--------------------------------------+ #在网络上创建子网 openstack subnet create --network provider \ --allocation-pool start=172.20.10.100,end=172.20.10.120 \ --dns-nameserver 172.20.10.1 --gateway 172.20.10.1 \ --subnet-range 172.20.10.0/24 provider +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 172.20.10.100-172.20.10.120 | | cidr | 172.20.10.0/24 | | created_at | 2019-04-12T07:08:14Z | | description | | | dns_nameservers | 172.20.10.1 | | enable_dhcp | True | | gateway_ip | 172.20.10.1 | | host_routes | | | id | a62b9c41-bc0f-4fcd-80e0-bbad5ecb9536 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | provider | | network_id | 29c05cbd-c675-47fb-adbf-e8568733559b | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2019-04-12T07:08:14Z | +-------------------+--------------------------------------+
先列出可用的flavor,image,network,,security group
openstack flavor list +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+ openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 5d849193-bb10-40e3-9b52-c0a83a99e821 | cirros | active | +--------------------------------------+--------+--------+ openstack network list +--------------------------------------+----------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+----------+--------------------------------------+ | 29c05cbd-c675-47fb-adbf-e8568733559b | provider | a62b9c41-bc0f-4fcd-80e0-bbad5ecb9536 | +--------------------------------------+----------+--------------------------------------+ #此实例使用provider提供商网络。但是,您必须使用ID而不是名称来引用此网络 openstack security group list +--------------------------------------+---------+------------------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------+------------------------+----------------------------------+------+ | 108a0e13-a1a1-49cb-8d37-3cab72f59728 | default | Default security group | c1e6cbf1502141dca4a70c7f500688f3 | [] | +--------------------------------------+---------+------------------------+----------------------------------+------+
在provider network上启动实例
openstack server create --flavor m1.nano --image cirros \ --nic net-id=29c05cbd-c675-47fb-adbf-e8568733559b --security-group default \ --key-name mykey test1 +-------------------------------------+-----------------------------------------------+ | Field | Value | +-------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | ruigH97a9UjH | | config_drive | | | created | 2019-04-13T09:01:38Z | | flavor | m1.nano (0) | | hostId | | | id | ec3973f1-08e4-4979-9cc9-f9731eaa383a | | image | cirros (5d849193-bb10-40e3-9b52-c0a83a99e821) | | key_name | mykey | | name | test1 | | progress | 0 | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | properties | | | security_groups | name='108a0e13-a1a1-49cb-8d37-3cab72f59728' | | status | BUILD | | updated | 2019-04-13T09:01:38Z | | user_id | cf86a58ebc3f462c9465beda84ec705c | | volumes_attached | | +-------------------------------------+-----------------------------------------------+ #列出实例,状态从改变BUILD到ACTIVE时构建过程成功完成 openstack server list +--------------------------------------+-------------------+--------+------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-------------------+--------+------------------------+--------+---------+ | ec3973f1-08e4-4979-9cc9-f9731eaa383a | test1 | ACTIVE | provider=172.20.10.112 | cirros | m1.nano | +--------------------------------------+-------------------+--------+------------------------+--------+---------+ #使用虚拟控制台访问实例 openstack console url show test1 +-------+---------------------------------------------------------------------------------+ | Field | Value | +-------+---------------------------------------------------------------------------------+ | type | novnc | | url | http://controller:6080/vnc_auto.html?token=e8c42da7-608c-474d-bdcd-fd56c738d102 | +-------+---------------------------------------------------------------------------------+ http://10.1.1.11:6080/vnc_auto.html?token=e8c42da7-608c-474d-bdcd-fd56c738d102 cirrors gocubsgo
验证
#ping网关及互联网 ping 172.20.10.1 ping -c 4 openstack.org #远程访问实例
网络二:self-service network(即,私有网络,最后绑定一个floating-ip)
####2创建自助服务网络 #创建网络 openstack network create selfservice +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2019-04-17T08:30:44Z | | description | | | dns_domain | None | | id | 21d91d88-961d-4179-bce3-8728debf0480 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1450 | | name | selfservice | | port_security_enabled | True | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | provider:network_type | vxlan | | provider:physical_network | None | | provider:segmentation_id | 20 | | qos_policy_id | None | | revision_number | 1 | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2019-04-17T08:30:45Z | +---------------------------+--------------------------------------+ #创建子网 openstack subnet create --network selfservice \ --dns-nameserver 172.20.10.1 --gateway 172.16.1.1 \ --subnet-range 172.16.1.0/24 selfservice +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 172.16.1.2-172.16.1.254 | | cidr | 172.16.1.0/24 | | created_at | 2019-04-17T08:34:52Z | | description | | | dns_nameservers | 172.20.10.1 | | enable_dhcp | True | | gateway_ip | 172.16.1.1 | | host_routes | | | id | 23c52d0d-e1b6-4b1d-af48-f21e5382dc7f | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | selfservice | | network_id | 21d91d88-961d-4179-bce3-8728debf0480 | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2019-04-17T08:34:52Z | +-------------------+--------------------------------------+ #创建路由器 openstack router create router +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2019-04-17T08:35:56Z | | description | | | distributed | False | | external_gateway_info | None | | flavor_id | None | | ha | False | | id | 940de432-480a-477a-acf7-5966b4ca1066 | | name | router | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | revision_number | 0 | | routes | | | status | ACTIVE | | tags | | | updated_at | 2019-04-17T08:35:56Z | +-------------------------+--------------------------------------+ #将自助网络子网添加为路由器上的接口 openstack router add subnet router selfservice #在路由器上的提供商网络上设置网关 openstack router set router --external-gateway provider
验证
#列出网络名称空间。您应该看到一个qrouter名称空间和两个 qdhcp名称空间 ip netns qrouter-940de432-480a-477a-acf7-5966b4ca1066 (id: 2) qdhcp-21d91d88-961d-4179-bce3-8728debf0480 (id: 1) qdhcp-29c05cbd-c675-47fb-adbf-e8568733559b (id: 0) #列出路由器上的端口以确定提供商网络上的网关IP地址 openstack port list --router router +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+ | 403e6df0-ab7b-470e-8160-b787b5e3b4aa | | fa:16:3e:83:1b:31 | ip_address='172.16.1.1', subnet_id='23c52d0d-e1b6-4b1d-af48-f21e5382dc7f' | ACTIVE | | e6f9c0d6-1d92-4234-8bda-1917f6c7c868 | | fa:16:3e:65:38:aa | ip_address='172.20.10.116', subnet_id='a62b9c41-bc0f-4fcd-80e0-bbad5ecb9536' | ACTIVE | +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+ #从控制器节点或物理提供商网络上的任何主机ping此IP地址 ping -c 4 172.20.10.116
在自助服务网络上启动实例
openstack server create --flavor m1.nano --image cirros \ --nic net-id=21d91d88-961d-4179-bce3-8728debf0480 --security-group default \ --key-name mykey selfservice-instance +-------------------------------------+-----------------------------------------------+ | Field | Value | +-------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | B5UuyP62v4eD | | config_drive | | | created | 2019-04-17T08:57:33Z | | flavor | m1.nano (0) | | hostId | | | id | c2bffe73-aaf0-47f5-9a46-be0059149626 | | image | cirros (5d849193-bb10-40e3-9b52-c0a83a99e821) | | key_name | mykey | | name | selfservice-instance | | progress | 0 | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | properties | | | security_groups | name='108a0e13-a1a1-49cb-8d37-3cab72f59728' | | status | BUILD | | updated | 2019-04-17T08:57:33Z | | user_id | cf86a58ebc3f462c9465beda84ec705c | | volumes_attached | | +-------------------------------------+-----------------------------------------------+ openstack server list +--------------------------------------+----------------------+---------+-------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+----------------------+---------+-------------------------+--------+---------+ | c2bffe73-aaf0-47f5-9a46-be0059149626 | selfservice-instance | ACTIVE | selfservice=172.16.1.27 | cirros | m1.nano | | ec3973f1-08e4-4979-9cc9-f9731eaa383a | test1 | SHUTOFF | provider=172.20.10.112 | cirros | m1.nano | +--------------------------------------+----------------------+---------+-------------------------+--------+---------+ openstack console url show selfservice-instance +-------+---------------------------------------------------------------------------------+ | Field | Value | +-------+---------------------------------------------------------------------------------+ | type | novnc | | url | http://controller:6080/vnc_auto.html?token=be8c92b2-b38e-4363-9b97-5148c64e3bab | +-------+---------------------------------------------------------------------------------+ http://10.1.1.11:6080/vnc_auto.html?token=be8c92b2-b38e-4363-9b97-5148c64e3bab
远程访问实例
在提供商虚拟网络上创建浮动IP地址
openstack floating ip create provider +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2019-04-17T09:06:14Z | | description | | | dns_domain | None | | dns_name | None | | fixed_ip_address | None | | floating_ip_address | 172.20.10.103 | | floating_network_id | 29c05cbd-c675-47fb-adbf-e8568733559b | | id | 135be176-29ef-45e2-a958-f3ff5cf8ca36 | | name | 172.20.10.103 | | port_details | None | | port_id | None | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | qos_policy_id | None | | revision_number | 0 | | router_id | None | | status | DOWN | | subnet_id | None | | tags | [] | | updated_at | 2019-04-17T09:06:14Z | +---------------------+--------------------------------------+ #将浮动IP地址与实例关联 openstack server add floating ip selfservice-instance 172.20.10.103 #检查浮动IP地址的状态: openstack server list +--------------------------------------+----------------------+---------+----------------------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+----------------------+---------+----------------------------------------+--------+---------+ | c2bffe73-aaf0-47f5-9a46-be0059149626 | selfservice-instance | ACTIVE | selfservice=172.16.1.27, 172.20.10.103 | cirros | m1.nano | | ec3973f1-08e4-4979-9cc9-f9731eaa383a | test1 | SHUTOFF | provider=172.20.10.112 | cirros | m1.nano | +--------------------------------------+----------------------+---------+----------------------------------------+--------+---------+
挂载数据盘
#创建卷 openstack volume create --size 1 volume1 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2019-04-12T06:43:35.000000 | | description | None | | encrypted | False | | id | 29bf3e76-6b29-4c86-b1ad-5539d1be0248 | | migration_status | None | | multiattach | False | | name | volume1 | | properties | | | replication_status | None | | size | 1 | | snapshot_id | None | | source_volid | None | | status | creating | | type | None | | updated_at | None | | user_id | cf86a58ebc3f462c9465beda84ec705c | +---------------------+--------------------------------------+ openstack volume list +--------------------------------------+---------+-----------+------+-------------+ | ID | Name | Status | Size | Attached to | +--------------------------------------+---------+-----------+------+-------------+ | 29bf3e76-6b29-4c86-b1ad-5539d1be0248 | volume1 | available | 1 | | +--------------------------------------+---------+-----------+------+-------------+ #将卷附加到实例 openstack server add volume test1 volume1 openstack server show test1 +-------------------------------------+----------------------------------------------------------+ | Field | Value | +-------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | ceph2 | | OS-EXT-SRV-ATTR:hypervisor_hostname | ceph2 | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2019-04-13T09:01:57.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | provider=172.20.10.112 | | config_drive | | | created | 2019-04-13T09:01:38Z | | flavor | m1.nano (0) | | hostId | 5865fd675d61f04b4f4187a5f84f98b38c51c8b28323d85d23291838 | | id | ec3973f1-08e4-4979-9cc9-f9731eaa383a | | image | cirros (5d849193-bb10-40e3-9b52-c0a83a99e821) | | key_name | mykey | | name | test1 | | progress | 0 | | project_id | c1e6cbf1502141dca4a70c7f500688f3 | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2019-04-13T09:01:57Z | | user_id | cf86a58ebc3f462c9465beda84ec705c | | volumes_attached | id='29bf3e76-6b29-4c86-b1ad-5539d1be0248' | +-------------------------------------+----------------------------------------------------------+
浙公网安备 33010602011771号