|
|
这部分创建必须的虚拟网络来支持创建多个实例。网络选项1包含一个使用公共虚拟网络(外部网络)的实例。网络选项2包含一个使用公共虚拟网络的实例、一个使用私有虚拟网络(私有网络)的实例。
1、创建虚拟网络
根据你在网络选项中的选择来创建虚拟网络。如果你选择选项1,只需创建一个公有网络。如果你选择选项2,同时创建一个公有网络和一个私有网络
在你完成自己环境中合适网络的创建后,你可以继续后面的步骤来准备创建实例。
[iyunv@linux-node1 ~]# source admin-openstack
[iyunv@linux-node1 ~]# openstack network create --share --provider-physical-network public --provider-network-type flat public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-01-13T14:47:08Z |
| description | |
| headers | |
| id | c41444e8-76af-44de-ac11-7ffa76bf42cc |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| provider:network_type | flat |
| provider:physical_network | public |
| provider:segmentation_id | None |
| revision_number | 3 |
| router:external | Internal |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2017-01-13T14:47:08Z |
+---------------------------+--------------------------------------+
[iyunv@linux-node1 ~]# neutron net-list
+--------------------------------------+--------+---------+
| id | name | subnets |
+--------------------------------------+--------+---------+
| c41444e8-76af-44de-ac11-7ffa76bf42cc | public | |
+--------------------------------------+--------+---------+
[iyunv@linux-node1 ~]# openstack subnet create --network public \
> --allocation-pool start=192.168.56.100,end=192.168.56.200 \
> --dns-nameserver 192.168.56.2 --gateway 192.168.56.2 \
> --subnet-range 192.168.56.0/24 public-subnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.56.100-192.168.56.200 |
| cidr | 192.168.56.0/24 |
| created_at | 2017-01-13T14:48:43Z |
| description | |
| dns_nameservers | 192.168.56.2 |
| enable_dhcp | True |
| gateway_ip | 192.168.56.2 |
| headers | |
| host_routes | |
| id | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public-subnet |
| network_id | c41444e8-76af-44de-ac11-7ffa76bf42cc |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| revision_number | 2 |
| service_types | [] |
| subnetpool_id | None |
| updated_at | 2017-01-13T14:48:43Z |
+-------------------+--------------------------------------+
[iyunv@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
2、创建m1.nano类型
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的``m1.nano``规格的主机。若单纯为了测试的目的,请使用``m1.nano``规格的主机来加载CirrOS镜像
[iyunv@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
3、生成一个键值对
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
1)导入``demo``项目凭证
[iyunv@linux-node1 ~]# source demo-openstack
2)生成和添加秘钥对
[iyunv@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[iyunv@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 |
| name | mykey |
| user_id | f83238e0bc2444a197cdf36e8db6a67d |
+-------------+-------------------------------------------------+
注释:你可以跳过执行 ssh-keygen 命令而使用已存在的公钥
3)验证公钥的添加
[iyunv@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 |
+-------+-------------------------------------------------+
4、新增安全组规则
默认情况下, ``default``安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加规则到 default 安全组
# Permit ICMP (ping)
[iyunv@linux-node1 ~]# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-01-14T12:28:56Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | 28b62d70-2929-46ff-a016-e8ba8d024b74 |
| port_range_max | None |
| port_range_min | None |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 |
| updated_at | 2017-01-14T12:28:56Z |
+-------------------+--------------------------------------+
# 允许安全 shell (SSH) 的访问
[iyunv@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-01-14T12:29:08Z |
| description | |
| direction | ingress |
| ethertype | IPv4 |
| headers | |
| id | bcaf15fe-3f9d-45a5-845e-db893e65b07e |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| project_id | 4378796a61c0468fb8cceda3fd5258dc |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 |
| updated_at | 2017-01-14T12:29:08Z |
+-------------------+--------------------------------------+
5、启动一个实例
5.1 在公有网络上创建实例
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称
1、 控制节点上,获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[iyunv@linux-node1 ~]# source admin-openstack
2、 一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储
[iyunv@linux-node1 ~]# openstack flavor list # 列出可用类型
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
3、列出可用镜像
[iyunv@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a | cirros | active |
+--------------------------------------+--------+--------+
4、列出可用网络
[iyunv@linux-node1 ~]# openstack network list
+--------------------------------------+--------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------+--------------------------------------+
| c41444e8-76af-44de-ac11-7ffa76bf42cc | public | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 |
+--------------------------------------+--------+--------------------------------------+
5、列出可以的安全组
[iyunv@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+-------------+----------------------------------+
| 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | default | 缺省安全组 | 4378796a61c0468fb8cceda3fd5258dc |
+--------------------------------------+---------+-------------+----------------------------------+
启动云主机
注:使用``provider``公有网络的ID替换``PUBLIC_NET_ID`` 即:openstack network list
本案例:如果你选择选项1并且你的环境只有一个网络,你可以省去``–nic`` 选项因为OpenStack会自动选择这个唯一可用的网络
[iyunv@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros --security-group default --key-name mykey demo-instance +--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | sF4VCrbpttsQ |
| config_drive | |
| created | 2017-01-14T12:44:57Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 755fa8ad-36c7-42be-a0dd-f0196522776d |
| image | cirros (1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a) |
| key_name | mykey |
| name | demo-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 1422ce46981848578060cf73fba40b3b |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2017-01-14T12:44:58Z |
| user_id | f83238e0bc2444a197cdf36e8db6a67d |
+--------------------------------------+-----------------------------------------------+
# 检查实例状态
[iyunv@linux-node1 ~]# openstack server list
+--------------------------------------+---------------+--------+-----------------------+------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+---------------+--------+-----------------------+------------+
| 755fa8ad-36c7-42be-a0dd-f0196522776d | demo-instance | ACTIVE | public=192.168.56.102 | cirros |
+--------------------------------------+---------------+--------+-----------------------+------------+
注:当构建过程完全成功后,状态会从 BUILD``变为``ACTIVE
# 使用虚拟控制台访问实例
获取你势力的 Virtual Network Computing (VNC) 会话URL并从web浏览器访问它
[iyunv@linux-node1 ~]# openstack console url show demo-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.11:6080/vnc_auto.html?token=0e41d4c0-c5d9-45ed-bf1d-b8b11b887502 |
+-------+------------------------------------------------------------------------------------+
CirrOS 镜像包含传统的用户名/密码认证方式并需在登录提示中提供这些这些认证。登录到 CirrOS 后,我们建议您验证使用``ping``验证网络的连通性。
验证:
1)能否ping通公有网络的网关
2)验证能否连接到互联网
3)验证控制节点或者其他公有网络上的主机能否ping通实例(问题排查)
4)在控制节点或其他公有网络上的主机使用 SSH远程访问实例(问题排查)
6、块设备存储
7、编排
8、共享文件系统 |
|
|
|
|
|
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-6-26 20:34:21
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡