Creating an OpenStack Cloud Instance [Part 6]

openstack

Date: November 28, 2016

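Create the virtual network
 Create the m1.nano flavor (equivalent to defining the virtual machine's hardware configuration)
 Generate a key pair (OpenStack's approach is to connect with a key pair rather than a password)
 Add security group rules (security groups are implemented with iptables)
 Launch an instance (launched here from the command line; there are three ways to launch a virtual machine: 1. the CLI, 2. the API, 3. the Dashboard; the Dashboard itself also connects through the API)
 Block storage
 Orchestration
 Shared file systems

  Virtual networks are divided into provider networks and private networks. A provider network is on the same network as the hosts; a private network is equivalent to creating a separate router and is not on the same network as the hosts.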

Provider network architecture
[Figure: provider network architecture diagram]

1. Create the virtual network

Note: the virtual network must be created with admin privileges.

 
    [root@linux-node1 ~]# source admin-openstack.sh
    [root@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net
    Created a new network:
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | availability_zone_hints   |                                      |
    | availability_zones        |                                      |
    | created_at                | 2016-11-22T01:52:36                  |
    | description               |                                      |
    | id                        | b9f2214e-14a6-4988-b199-ad72eff0d6b9 |
    | ipv4_address_scope        |                                      |
    | ipv6_address_scope        |                                      |
    | mtu                       | 1500                                 |
    | name                      | public-net                           |
    | port_security_enabled     | True                                 |
    | provider:network_type     | flat                                 |
    | provider:physical_network | public                               |
    | provider:segmentation_id  |                                      |
    | router:external           | False                                |
    | shared                    | True                                 |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | tags                      |                                      |
    | tenant_id                 | 026a58f98402437fa95ef4a21fbd4d1a     |
    | updated_at                | 2016-11-22T01:52:36                  |
    +---------------------------+--------------------------------------+
    # neutron net-create options:
    #   --shared                            shared network
    #   --provider:physical_network public  physical network; "public" is the name of the physical network
    #   --provider:network_type flat        the type of network to create is flat
    #   public-net                          a name of your own choosing

Check that the network was created:

 
    [root@linux-node1 ~]# neutron net-list
    +--------------------------------------+------------+---------+
    | id                                   | name       | subnets |
    +--------------------------------------+------------+---------+
    | b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net |         |
    +--------------------------------------+------------+---------+

Now we also need to create a subnet:

 
    [root@linux-node1 ~]# neutron subnet-create --name public-subnet \
      --allocation-pool start=192.168.56.100,end=192.168.56.200 \
      --dns-nameserver 223.5.5.5 --gateway 192.168.56.2 \
      public-net 192.168.56.0/24
    Created a new subnet:
    +-------------------+------------------------------------------------------+
    | Field             | Value                                                |
    +-------------------+------------------------------------------------------+
    | allocation_pools  | {"start": "192.168.56.100", "end": "192.168.56.200"} |
    | cidr              | 192.168.56.0/24                                      |
    | created_at        | 2016-11-22T02:05:06                                  |
    | description       |                                                      |
    | dns_nameservers   | 223.5.5.5                                            |
    | enable_dhcp       | True                                                 |
    | gateway_ip        | 192.168.56.2                                         |
    | host_routes       |                                                      |
    | id                | 696eb806-f548-46c2-a653-d05724446daf                 |
    | ip_version        | 4                                                    |
    | ipv6_address_mode |                                                      |
    | ipv6_ra_mode      |                                                      |
    | name              | public-subnet                                        |
    | network_id        | b9f2214e-14a6-4988-b199-ad72eff0d6b9                 |
    | subnetpool_id     |                                                      |
    | tenant_id         | 026a58f98402437fa95ef4a21fbd4d1a                     |
    | updated_at        | 2016-11-22T02:05:06                                  |
    +-------------------+------------------------------------------------------+
    # neutron subnet-create   create a subnet
    #   --name                name
    #   --allocation-pool     address allocation pool
    #     start=              first IP address
    #     end=                last IP address
    #   --dns-nameserver      DNS server address
    #   --gateway             gateway
    #   provider              the provider network (must match the name of the network that was created)

Check that the subnet is associated with the network:

 
    [root@linux-node1 ~]# neutron net-list
    +--------------------------------------+------------+------------------------------------------------------+
    | id                                   | name       | subnets                                              |
    +--------------------------------------+------------+------------------------------------------------------+
    | b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf 192.168.56.0/24 |
    +--------------------------------------+------------+------------------------------------------------------+

List the subnets:

 
    [root@linux-node1 ~]# neutron subnet-list
    +--------------------------------------+---------------+-----------------+------------------------------------------------------+
    | id                                   | name          | cidr            | allocation_pools                                     |
    +--------------------------------------+---------------+-----------------+------------------------------------------------------+
    | 696eb806-f548-46c2-a653-d05724446daf | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
    +--------------------------------------+---------------+-----------------+------------------------------------------------------+

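2. Create the m1.nano flavor

The smallest default flavor requires 512 MB of memory. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the m1.nano flavor, which needs only 64 MB. If the purpose is purely testing, use the m1.nano flavor to boot the CirrOS image.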

 
    [root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
    +----------------------------+---------+
    | Field                      | Value   |
    +----------------------------+---------+
    | OS-FLV-DISABLED:disabled   | False   |
    | OS-FLV-EXT-DATA:ephemeral  | 0       |
    | disk                       | 1       |
    | id                         | 0       |
    | name                       | m1.nano |
    | os-flavor-access:is_public | True    |
    | ram                        | 64      |
    | rxtx_factor                | 1.0     |
    | swap                       |         |
    | vcpus                      | 1       |
    +----------------------------+---------+
    # openstack flavor create   create a flavor
    #   --id      flavor ID
    #   --vcpus   CPUs
    #   --ram     64 MB (if you want gigabytes, just write 64G)
    #   --disk    disk (the unit is GB)

List the flavors:

 
    [root@linux-node1 ~]# openstack flavor list
    +----+-----------+-------+------+-----------+-------+-----------+
    | ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
    +----+-----------+-------+------+-----------+-------+-----------+
    | 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
    | 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
    | 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
    | 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
    | 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
    | 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
    +----+-----------+-------+------+-----------+-------+-----------+

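Note: flavors 1-5 are the defaults; 0 is the one we created.

Generate a key pair
 Most cloud images support public key authentication rather than traditional password authentication. Before launching an instance, you must add a public key to the Compute service.

Note: we perform these steps as the demo user.
Generate the key: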

 
    [root@linux-node1 ~]# source demo-openstack.sh
    [root@linux-node1 ~]# ssh-keygen -q -N ""
    Enter file in which to save the key (/root/.ssh/id_rsa):

Create the key pair in OpenStack:

 
    [root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
    +-------------+-------------------------------------------------+
    | Field       | Value                                           |
    +-------------+-------------------------------------------------+
    | fingerprint | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
    | name        | mykey                                           |
    | user_id     | a78ec26501374df4a574bd3f8153d67f                |
    +-------------+-------------------------------------------------+

Verify that the key pair was added:

 
    [root@linux-node1 ~]# openstack keypair list
    +-------+-------------------------------------------------+
    | Name  | Fingerprint                                     |
    +-------+-------------------------------------------------+
    | mykey | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
    +-------+-------------------------------------------------+

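Add security group rules
  By default, the default security group applies to all instances and includes firewall rules that deny access to the instances. For Linux images such as this one, we recommend allowing at least ICMP (ping) and secure shell (SSH).

Add rules to the default security group
Allow ICMP (ping):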

 
    [root@linux-node1 ~]# openstack security group rule create --proto icmp default
    +-----------------------+--------------------------------------+
    | Field                 | Value                                |
    +-----------------------+--------------------------------------+
    | id                    | 2a2af0f1-e3ab-426d-9716-10615bec3e75 |
    | ip_protocol           | icmp                                 |
    | ip_range              | 0.0.0.0/0                            |
    | parent_group_id       | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
    | port_range            |                                      |
    | remote_security_group |                                      |
    +-----------------------+--------------------------------------+

Allow secure shell (SSH) access:

 
    [root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
    +-----------------------+--------------------------------------+
    | Field                 | Value                                |
    +-----------------------+--------------------------------------+
    | id                    | 94aa695c-58dc-4033-8c26-58f7f5482051 |
    | ip_protocol           | tcp                                  |
    | ip_range              | 0.0.0.0/0                            |
    | parent_group_id       | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
    | port_range            | 22:22                                |
    | remote_security_group |                                      |
    +-----------------------+--------------------------------------+
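
Both rules above report ip_range 0.0.0.0/0, so ICMP and SSH are accepted from any source address. The script below is an added example, not part of the original post: it reads the Field/Value table printed by `openstack security group rule create` and labels a rule as world-open or scoped. The helper names field_value and audit_rule are hypothetical, and the second sample table is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Field/Value table that
# `openstack security group rule create` prints and flag rules open to any source.

# field_value TABLE FIELD -> print the Value cell for FIELD (empty if absent)
field_value() {
  printf '%s\n' "$1" | awk -F'|' -v want="$2" '
    NF >= 3 {
      key = $2; val = $3
      gsub(/^[ \t]+|[ \t]+$/, "", key)   # trim cell padding
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == want) { print val; exit }
    }'
}

# audit_rule TABLE -> print one verdict line for the rule
audit_rule() {
  _proto=$(field_value "$1" ip_protocol)
  _range=$(field_value "$1" ip_range)
  _ports=$(field_value "$1" port_range)
  case "$_range" in
    0.0.0.0/0|::/0) _verdict=WORLD-OPEN ;;  # any source address is accepted
    "")             _verdict=UNKNOWN ;;     # no ip_range field: review by hand
    *)              _verdict=SCOPED ;;      # limited to one source range
  esac
  echo "$_verdict proto=$_proto ports=${_ports:-all} source=${_range:-none}"
}

# Rows taken from the SSH rule output shown on this page.
SSH_RULE='
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| port_range            | 22:22                                |'

# Constructed sample: the same rule limited to the tutorial subnet.
SCOPED_RULE='
| ip_protocol           | tcp                                  |
| ip_range              | 192.168.56.0/24                      |
| port_range            | 22:22                                |'

audit_rule "$SSH_RULE"
audit_rule "$SCOPED_RULE"
```

The parser splits on `|` and trims each cell, so it also accepts tables whose padding was lost when the output was copied.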

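Launch an instance

Launch the instance on the public network
Determine the instance options
To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.

We again use the demo user for these steps.

List the available flavors: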

 
    [root@linux-node1 ~]# source demo-openstack.sh
    [root@linux-node1 ~]# openstack flavor list
    +----+-----------+-------+------+-----------+-------+-----------+
    | ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
    +----+-----------+-------+------+-----------+-------+-----------+
    | 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
    | 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
    | 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
    | 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
    | 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
    | 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
    +----+-----------+-------+------+-----------+-------+-----------+

We use the flavor we already created above, named m1.nano.

List the available images:

 
    [root@linux-node1 ~]# openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | fc67361d-ad30-40b2-9d96-941e50fc17f5 | cirros | active |
    +--------------------------------------+--------+--------+

List the available networks:

 
    [root@linux-node1 ~]# openstack network list
    +--------------------------------------+------------+--------------------------------------+
    | ID                                   | Name       | Subnets                              |
    +--------------------------------------+------------+--------------------------------------+
    | b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf |
    +--------------------------------------+------------+--------------------------------------+

When specifying the network, use its ID rather than its name.

List the available security groups:

 
    [root@linux-node1 ~]# openstack security group list
    +--------------------------------------+---------+------------------------+----------------------------------+
    | ID                                   | Name    | Description            | Project                          |
    +--------------------------------------+---------+------------------------+----------------------------------+
    | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 | default | Default security group | ff5398ee1b2e4d00bafd57f82dc150e6 |
    +--------------------------------------+---------+------------------------+----------------------------------+

Create the instance
Launch the instance:
Replace PUBLIC_NET_ID with the ID of the provider public network.

 
    [root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros \
    --nic net-id=b9f2214e-14a6-4988-b199-ad72eff0d6b9 --security-group default \
    --key-name mykey provider-instance
    +--------------------------------------+----------------------------------------------------------+
    | Field                                | Value                                                    |
    +--------------------------------------+----------------------------------------------------------+
    | OS-DCF:diskConfig                    | MANUAL                                                   |
    | OS-EXT-AZ:availability_zone          | nova                                                     |
    | OS-EXT-STS:power_state               | 0                                                        |
    | OS-EXT-STS:task_state                | block_device_mapping                                     |
    | OS-EXT-STS:vm_state                  | building                                                 |
    | OS-SRV-USG:launched_at               | None                                                     |
    | OS-SRV-USG:terminated_at             | None                                                     |
    | accessIPv4                           |                                                          |
    | accessIPv6                           |                                                          |
    | addresses                            |                                                          |
    | adminPass                            | e6aHhdr43Hjz                                             |
    | config_drive                         |                                                          |
    | created                              | 2016-11-22T03:48:01Z                                     |
    | flavor                               | m1.nano (0)                                              |
    | hostId                               | 6248511bd1ebfa25a7a99fe7c357194cc5fe54249b0228cc94fd51fd |
    | id                                   | 55877c1a-7a08-4ddd-95a6-3c5376ba5c55                     |
    | image                                | cirros (fc67361d-ad30-40b2-9d96-941e50fc17f5)            |
    | key_name                             | mykey                                                    |
    | name                                 | provider-instance                                        |
    | os-extended-volumes:volumes_attached | []                                                       |
    | progress                             | 0                                                        |
    | project_id                           | ff5398ee1b2e4d00bafd57f82dc150e6                         |
    | properties                           |                                                          |
    | security_groups                      | [{u'name': u'default'}]                                  |
    | status                               | BUILD                                                    |
    | updated                              | 2016-11-22T03:48:02Z                                     |
    | user_id                              | a78ec26501374df4a574bd3f8153d67f                         |
    +--------------------------------------+----------------------------------------------------------+


 
    openstack server create   create an instance
    --flavor                  the flavor to use
    --image                   the image
    --nic net-id=             the network ID
    --security-group          the security group
    --key-name                the key pair
    The last argument is the instance name.

Check:

 
    [root@linux-node1 ~]# openstack server list
    +--------------------------------------+-------------------+--------+---------------------------+
    | ID                                   | Name              | Status | Networks                  |
    +--------------------------------------+-------------------+--------+---------------------------+
    | 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
    +--------------------------------------+-------------------+--------+---------------------------+

If the virtual machine cannot be created, we need to check all of the logs, which can be done directly with:

 
    grep 'ERROR' /var/log/nova/*
    grep 'ERROR' /var/log/neutron/*
    grep 'ERROR' /var/log/glance/*
    grep 'ERROR' /var/log/keystone/*

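Also check iptables, SELinux, time synchronization, and so on.

Note: do this on both the controller node and the compute node, because the virtual machine is created on the compute node. It is best to clear the logs beforehand.

Test the IP: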

 
    [root@linux-node1 ~]# ping 192.168.56.101
    PING 192.168.56.101 (192.168.56.101) 56(84) bytes of data.
    64 bytes from 192.168.56.101: icmp_seq=1 ttl=64 time=0.784 ms
    64 bytes from 192.168.56.101: icmp_seq=2 ttl=64 time=0.578 ms
    64 bytes from 192.168.56.101: icmp_seq=3 ttl=64 time=0.426 ms

Delete the virtual machine:

 
    [root@linux-node1 ~]# openstack server list
    +--------------------------------------+-------------------+--------+---------------------------+
    | ID                                   | Name              | Status | Networks                  |
    +--------------------------------------+-------------------+--------+---------------------------+
    | 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
    +--------------------------------------+-------------------+--------+---------------------------+
    [root@linux-node1 ~]# openstack server delete 55877c1a-7a08-4ddd-95a6-3c5376ba5c55
    [root@linux-node1 ~]# openstack server list

Check:

 
    nova service-list
    neutron agent-list
    nova image-list

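Note: we created the virtual machine as demo, so to view the instance we must also use the demo credentials script.

Access the instance using the virtual console
Obtain the Virtual Network Computing (VNC) session URL for your instance and open it in a web browser: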

 
    [root@linux-node1 ~]# openstack server list
    +--------------------------------------+-------------------+--------+---------------------------+
    | ID                                   | Name              | Status | Networks                  |
    +--------------------------------------+-------------------+--------+---------------------------+
    | 62d3f70e-ed8e-4840-8104-99fd2de7e689 | provider-instance | ACTIVE | public-net=192.168.56.104 |
    +--------------------------------------+-------------------+--------+---------------------------+

The argument after show is the name of our server:

 
    [root@linux-node1 ~]# openstack console url show provider-instance
    +-------+------------------------------------------------------------------------------------+
    | Field | Value                                                                              |
    +-------+------------------------------------------------------------------------------------+
    | type  | novnc                                                                              |
    | url   | http://192.168.56.11:6080/vnc_auto.html?token=4b7925f4-773f-4a24-89f7-f5daea6a591c |
    +-------+------------------------------------------------------------------------------------+

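We copy this URL and open it in the browser.
[Figure: screenshot of the VNC console page]

Username: cirros
Password: cubswin:)

Note: use Firefox or Chrome; other browsers may not be able to open it, because this page is HTML5.
What we do on this page on port 6080 is forwarded to port 5900 on 192.168.56.12, because .12 is the compute node.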

posted @ 2018-01-17 14:53  北方客888