8.1、创建虚拟网络
获取权限
在控制节点上,加载 admin 凭证来获取管理员能执行的命令访问权限:
$ . admin-openrc
1、创建网络:
$ openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
``--share``选项允许所有项目使用虚拟网络
--external定义外部网络
--internal 定义内部网络
Default value is internal.
分配虚拟机的网络参数配置
2、控制节点上修改如下文件
ml2_conf.ini:
[ml2_type_flat]
flat_networks = provider
linuxbridge_agent.ini:
[linux_bridge]
physical_interface_mappings = provider:eth1
3、在网络上创建一个子网:
$ openstack subnet create --network provider \
--allocation-pool start=10.129.0.100,end=10.129.0.130 \
--dns-nameserver 114.114.114.114 --gateway 10.129.0.3 \
--subnet-range 10.129.0.0/24 provider
$ openstack subnet create --network provider \
--allocation-pool start=203.0.113.101,end=203.0.113.250 \
--dns-nameserver 8.8.4.4 --gateway 203.0.113.1 \
--subnet-range 203.0.113.0/24 provider
8.2、创建一个主机类型
$ openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
8.3、生成一个键值对
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
导入``demo``项目凭证
$ . demo-openrc
Generate a key pair and add a public key:
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name | mykey |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+-------------+-------------------------------------------------+
注解
另外,你可以跳过执行 ssh-keygen 命令而使用已存在的公钥。
验证公钥的添加:
$ openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+
8.4、增加安全组规则
我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加新规则到 default 安全组。
$ openstack security group rule create --proto icmp default
$ openstack security group rule create --proto tcp --dst-port 22 default
启动一个实例
如果选择网络选项1,你只能在公网创建实例。如果选择网络选项2,你可以在公网或私网创建实例。
8.5、确定实例选项
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。
在控制节点上,获得 admin 凭证来获取只有管理员能执行的命令的访问权限:
$ . demo-openrc
一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储。
1、列出可用类型:
$ openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
注解
您也可以以 ID 引用类型。
2、列出可用镜像:
$ openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 390eb5f7-8d49-41ec-95b7-68c0d5d54b34 | cirros | active |
+--------------------------------------+--------+--------+
这个实例使用``cirros``镜像。
3、列出可用网络:
$ openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 4716ddfe-6e60-40e7-b2a8-42e57bf3c31c | selfservice | 2112d5eb-f9d6-45fd-906e-7cabd38b7c7c |
| b5b6993c-ddf9-40e7-91d0-86806a42edb8 | provider | 310911f6-acf0-4a47-824e-3032916582ff |
+--------------------------------------+--------------+--------------------------------------+
这个实例使用 ``provider``公有网络。 你必须使用ID而不是名称才可以使用这个网络。
注解
如果你选择选项2,输出信息应该也包含私网``selfservice``的信息。
4、列出可用的安全组
$ openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group | a516b957032844328896baa01e0f906c |
+--------------------------------------+---------+------------------------+----------------------------------+
这个实例使用 default 安全组。
5、启动云主机
启动实例:
使用``provider``公有网络的ID替换``PUBLIC_NET_ID``。
注解
如果你选择选项1并且你的环境只有一个网络,你可以省去``–nic`` 选项因为OpenStack会自动选择这个唯一可用的网络。
$ openstack server create --flavor centos10g --image centos --nic net-id=dd75ac96-953e-4c41-a032-50e822af4539 --security-group default centos10g-4
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | hdF4LMQqC5PB |
| config_drive | |
| created | 2015-09-17T21:58:18Z |
| flavor | m1.nano |
| hostId | |
| id | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf |
| image | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) |
| key_name | mykey |
| metadata | {} |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |
| updated | 2015-09-17T21:58:18Z |
| user_id | 684286a9079845359882afc3aa5011fb |
+--------------------------------------+-----------------------------------------------+
检查实例的状态:
6、查看云主机运行状态
$ openstack server list
+--------------------------------------+-------------------+--------+------------------------+------------+
| ID | Name | Status | Networks | Image Name |
+--------------------------------------+-------------------+--------+------------------------+------------+
| 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | provider-instance | ACTIVE | provider=203.0.113.103 | cirros |
+--------------------------------------+-------------------+--------+------------------------+------------+
当构建过程完全成功后,状态会从 BUILD``变为``ACTIVE。
7、使用虚拟控制台访问实例
获取你势力的 Virtual Network Computing (VNC) 会话URL并从web浏览器访问它:
$ openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+---------------------------------------------------------------------------------+
8、登录虚拟机
默认用户名是cirros,密码是cubswin:)
8.6、块设备存储
如果你的环境包含块存储服务,你可以创建一个卷并连接到一个实例上。
$ . demo-openrc
1、创建卷
创建一个 1 GB 的卷
$ openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2016-03-08T14:30:48.391027 |
| description | None |
| encrypted | False |
| id | a1e8be72-a395-4a6f-8e07-856a57c39524 |
| multiattach | False |
| name | volume1 |
| properties | |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | None |
| updated_at | None |
| user_id | 684286a9079845359882afc3aa5011fb |
+---------------------+--------------------------------------+
过会,卷状态应该从``creating`` 变成``available``:
2、查看卷状态
$ openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | available | 1 | |
+--------------------------------------+--------------+-----------+------+-------------+
3、附加卷到一个实例上
$ openstack server add volume INSTANCE_NAME VOLUME_NAME
$ openstack server add volume provider-instance volume1
4、列出卷:
$ openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | in-use | 1 | Attached to provider-instance on /dev/vdb |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
使用SSH方式访问你的实力,并使用``fdisk`` 命令验证`/dev/vdb`块存储设备作为卷存在。
5、检测挂载状态
$ sudo fdisk -l
Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 Linux
Disk /dev/vdb: 1073 MB, 1073741824 bytes
16 heads, 63 sectors/track, 2080 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/vdb doesn't contain a valid partition table