创建 OpenStack云主机 [六]

9oijl1111 · 发表于 2016-11-29 08:56:51

创建虚拟网络
　创建m1.nano规格的主机（相等于定义虚拟机的硬件配置）生成一个密钥对（openstack的原理是不使用密码连接，而是使用密钥对进行连接）
　增加安全组规则（用iptables做的安全组）
　启动一个实例（使用命令启动，启动虚拟机有三种方式：1.命令CLI 2.api 3.Dashboard）其实Dashboard也是通过api进行连接块设备存储编排共享文件系统

　　虚拟网络分为提供者网络和私有网络，提供者网络就是跟主机在同一个网络里，私有网络相当于单独创建一个路由器，跟主机不在一个网络

提供者网络架构

1、创建虚拟网络

提示：虚拟网络必须使用admin权限进行创建

[iyunv@linux-node1 ~]# source admin-openstack.sh
[iyunv@linux-node1 ~]# neutron net-create --shared --provider:physical_network public --provider:network_type flat public-net
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-11-22T01:52:36 |
| description | |
| id | b9f2214e-14a6-4988-b199-ad72eff0d6b9 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | public-net |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | public |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 026a58f98402437fa95ef4a21fbd4d1a |
| updated_at | 2016-11-22T01:52:36 |
+---------------------------+--------------------------------------+
#neutron net-create --shared(共享网络) --provider:physical_network(物理网络) public(物理网络的名称) --provider:network_type（创建的网络类型为flat） flat public-net（自定义一个名称）

检查是否创建成功

[iyunv@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+---------+
| id | name | subnets |
+--------------------------------------+------------+---------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | |
+--------------------------------------+------------+---------+

现在我们还需要创建子网

[iyunv@linux-node1 ~]# neutron subnet-create --name public-subnet --allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 223.5.5.5 --gateway 192.168.56.2 public-net 192.168.56.0/24
Created a new subnet:
+-------------------+------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------+
| allocation_pools | {"start": "192.168.56.100", "end": "192.168.56.200"} |
| cidr | 192.168.56.0/24 |
| created_at | 2016-11-22T02:05:06 |
| description | |
| dns_nameservers | 223.5.5.5 |
| enable_dhcp | True |
| gateway_ip | 192.168.56.2 |
| host_routes | |
| id | 696eb806-f548-46c2-a653-d05724446daf |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public-subnet |
| network_id | b9f2214e-14a6-4988-b199-ad72eff0d6b9 |
| subnetpool_id | |
| tenant_id | 026a58f98402437fa95ef4a21fbd4d1a |
| updated_at | 2016-11-22T02:05:06 |
+-------------------+------------------------------------------------------+
neutron subnet-create 子网创建
--name （名称）
--allocation—pool 分配地址池
start=开始IP地址
end=结束IP地址
dns-nameserver DNS地址
--gateway 网关
provider 提供者的网络（要跟创建网络的名称对应起来）

检查是否关联成功

[iyunv@linux-node1 ~]# neutron net-list
+--------------------------------------+------------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------------+------------------------------------------------------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf 192.168.56.0/24 |
+--------------------------------------+------------+------------------------------------------------------+

查看子网

[iyunv@linux-node1 ~]# neutron subnet-list
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+
| 696eb806-f548-46c2-a653-d05724446daf | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
+--------------------------------------+---------------+-----------------+------------------------------------------------------+

2.创建m1.nano规格的主机

默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的，我们推荐创建只需要64 MB的m1.nano规格的主机。若单纯为了测试的目的，请使用m1.nano规格的主机来加载CirrOS镜像

[iyunv@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
openstack flavor create 创建主机
--id 主机ID
--vcpus cpu
--ram 64兆（如果想加G，直接写64G即可）
--disk 磁盘（单位是G）

查看

[iyunv@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+

提示：1-5是默认的，0是我们创建的

生成一个键值对
　大部分云镜像支持公共密钥认证而不是传统的密码认证。在启动实例前，你必须添加一个公共密钥到计算服务。

提示：我们使用demo用户进行操作
生成密钥

[iyunv@linux-node1 ~]# source demo-openstack.sh
[iyunv@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):

在openstack上创建密钥对

[iyunv@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
| name | mykey |
| user_id | a78ec26501374df4a574bd3f8153d67f |
+-------------+-------------------------------------------------+

验证规则

[iyunv@linux-node1 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 9e:92:7a:89:b8:cc:86:fa:5d:2d:e9:5f:35:cd:43:01 |
+-------+-------------------------------------------------+

增加安全组
　　默认情况下，default安全组适用于所有实例并且包括拒绝访问实例的防火墙规则，对这样的Linux镜像，我们推荐至少允许ICMP（ping）和安全shell（SSH）规则

添加规则到default安全组
允许ICMP（ping）

[iyunv@linux-node1 ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 2a2af0f1-e3ab-426d-9716-10615bec3e75 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+

允许安全 shell (SSH) 的访问：

[iyunv@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 94aa695c-58dc-4033-8c26-58f7f5482051 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+

启动一个实例

在公有网络上创建实例确定实例选项
启动一台实例，您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称

我们还是使用demo用户进行设置

列出可用类型

[iyunv@linux-node1 ~]# source demo-openstack.sh
[iyunv@linux-node1 ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+

因为我们在上面已经创建的，名字是m1.nano

列出可用的镜像

[iyunv@linux-node1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| fc67361d-ad30-40b2-9d96-941e50fc17f5 | cirros | active |
+--------------------------------------+--------+--------+

列出可用的网络

[iyunv@linux-node1 ~]# openstack network list
+--------------------------------------+------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+------------+--------------------------------------+
| b9f2214e-14a6-4988-b199-ad72eff0d6b9 | public-net | 696eb806-f548-46c2-a653-d05724446daf |
+--------------------------------------+------------+--------------------------------------+

创建网络的时候使用的不是名称，而是ID

列出可用的安全组

[iyunv@linux-node1 ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 58ed4e26-8cc1-4bdb-b9d1-c8606637e8b4 | default | Default security group | ff5398ee1b2e4d00bafd57f82dc150e6 |
+--------------------------------------+---------+------------------------+----------------------------------+

创建实例
启动实例：
使用provider公有网络的ID替换PUBLIC_NET_ID。

[iyunv@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros
--nic net-id=b9f2214e-14a6-4988-b199-ad72eff0d6b9 --security-group default
--key-name mykey provider-instance
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | block_device_mapping |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | e6aHhdr43Hjz |
| config_drive | |
| created | 2016-11-22T03:48:01Z |
| flavor | m1.nano (0) |
| hostId | 6248511bd1ebfa25a7a99fe7c357194cc5fe54249b0228cc94fd51fd |
| id | 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 |
| image | cirros (fc67361d-ad30-40b2-9d96-941e50fc17f5) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | ff5398ee1b2e4d00bafd57f82dc150e6 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2016-11-22T03:48:02Z |
| user_id | a78ec26501374df4a574bd3f8153d67f |
+--------------------------------------+----------------------------------------------------------+

openstack server create 创建实例
--flavor 创建的类型
--image 镜像
--nic net-id= 网络ID
--security-group 设置安全组
--key-name key设置
最后一个是实例名称

检查

[iyunv@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------------+
| 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
+--------------------------------------+-------------------+--------+---------------------------+

如果无法创建虚拟机，我们需要查看所有的日志，可以直接使用

grep 'ERROR' /var/log/nova/*
grep 'ERROR' /var/log/neutron/*
grep 'ERROR' /var/log/glance/*
grep 'ERROR' /var/log/keystone/*

以及查看iptables selinux时间同步等！

提示：需要在控制节点和计算节点都进行操作，因为创建虚拟机是在计算节点。最好提前把日志清空

测试IP

[iyunv@linux-node1 ~]# ping 192.168.56.101
PING 192.168.56.101 (192.168.56.101) 56(84) bytes of data.
64 bytes from 192.168.56.101: icmp_seq=1 ttl=64 time=0.784 ms
64 bytes from 192.168.56.101: icmp_seq=2 ttl=64 time=0.578 ms
64 bytes from 192.168.56.101: icmp_seq=3 ttl=64 time=0.426 ms

删除虚拟机

[iyunv@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------------+
| 55877c1a-7a08-4ddd-95a6-3c5376ba5c55 | provider-instance | ACTIVE | public-net=192.168.56.101 |
+--------------------------------------+-------------------+--------+---------------------------+
[iyunv@linux-node1 ~]# openstack server delete 55877c1a-7a08-4ddd-95a6-3c5376ba5c55
[iyunv@linux-node1 ~]# openstack server list

检查

nova service-list
neutron anget-list
nova image-list

提示：我们创建虚拟机使用的是demo，所以我们如果想查看主机也要使用demo的脚本进行查看

使用虚拟控制台访问实例
获取你实例的Virtual Network Computing (VNC)会话URL并从web浏览器访问它：

[iyunv@linux-node1 ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------------+
| 62d3f70e-ed8e-4840-8104-99fd2de7e689 | provider-instance | ACTIVE | public-net=192.168.56.104 |
+--------------------------------------+-------------------+--------+---------------------------+

show后面填写的是我们server的名称

[iyunv@linux-node1 ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.11:6080/vnc_au ... 4-89f7-f5daea6a591c |
+-------+------------------------------------------------------------------------------------+

我们复制这个url进行访问

账号：cirros
密码：cubswin:)

提示：要使用火狐或者谷歌访问，其他浏览器可能无法打开，因为这个页面是html5
我们在这个6080端口这个页面操作的信息会被转发到192.168.56.12：5900端口。因为12是计算节点

账号		自动登录	找回密码
密码			立即注册

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

c++ size_t 和 int 的区别

[经验分享] 创建 OpenStack云主机 [六]

相关帖子

浏览过的版块

扫码加入运维网微信交流群