“OpenStack CLI Tutorial: Quickly Master Launching Cloud Instances”

Launching a Cloud Instance on OpenStack (Command Line)

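Preparation

This article performs every operation with the OpenStack command line.

Simulated elastic public IP (EIP) address range: use the same subnet as the controller and compute nodes, e.g. 192.168.129.0/24

Simulated private IP address range for cloud instances: a custom subnet, e.g. 192.168.88.0/24

The terms "public network", "external network" and "elastic IP" in this article all refer to the same simulated range; in this environment that is specifically 192.168.129.0/24.

The test image used to launch the cloud instance, cirros-0.6.1-x86_64-disk.img, can be downloaded by clicking here.
An open-source OpenStack environment can be set up by following the blog post linked here.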

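Create a project (tenant)

Perform these operations with the admin environment variables loaded. In an environment built with the packstack tool, an environment-variable file for the admin user, keystonerc_admin, is generated by default in the directory that holds the answer file; load it directly with source.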

[root@controller ~]# ls
anaconda-ks.cfg  back.txt  keystonerc_admin  memeda.txt
[root@controller ~]# cat keystonerc_admin
unset OS_SERVICE_TOKEN
    export OS_USERNAME=admin
    export OS_PASSWORD='redhat'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://192.168.129.185:5000/v3
    export PS1='[\u@\h \W(keystone_admin)]\$ '
    
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

### Load the admin environment variables
[root@controller ~]# source keystonerc_admin 

Getting help

The following commands show the available commands and the parameters they take.

[root@controller ~(keystone_admin)]# openstack --help | grep project

### Show the options that project create accepts
[root@controller ~(keystone_admin)]# openstack help project create

Create a project and list the projects

[root@controller ~(keystone_admin)]# openstack project create cloud01
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 6d48a0d228814e3d94d13ae4b561594c |
| is_domain   | False                            |
| name        | cloud01                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

### List the projects
[root@controller ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 3e50ae3d137b4e38aefe605f8d5d55d9 | admin    |
| 6d48a0d228814e3d94d13ae4b561594c | cloud01  |
| c33015e69cf24413812152a91368f854 | services |
+----------------------------------+----------+

Create a user and associate it with a project and a role

Create the user

### --project cloud01      ---associate with the project
### --password redhat      ---set the password
[root@controller ~(keystone_admin)]# openstack user create --project cloud01 --password redhat cloud01
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 6d48a0d228814e3d94d13ae4b561594c |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c0e55c998c114326b3026f495e555870 |
| name                | cloud01                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

### List the users
[root@controller ~(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 80c3cc2e50514d8ca1fece3fa04ec1e0 | admin      |
| 5fee0d1cedc74ce9b012036a216a4800 | heat_admin |
| 729de1c41b5d4053a8f30e2b9b41248d | glance     |
| 1dad8ac82f1849dc8825cbdb16077d4c | cinder     |
| 182172d58274451da2f0054b284315d3 | nova       |
| 4152e436ef354a24905ba48f7b60db0d | placement  |
| e6aa16e4bd2f410fa90178e72b72f8ed | neutron    |
| f4c8807efb734213bdea1510b55ea283 | swift      |
| 386715e7160d423fb60faab3d1385ef5 | heat       |
| 373c1285395b46a88b2aae2707a72237 | heat-cfn   |
| 901cf95b957d40eba02f6bde90cd55f0 | gnocchi    |
| 30b409ff4cd844df83ceb0f039d8282b | ceilometer |
| f63c99f2809947259402fd3a5a47f0e3 | aodh       |
| c0e55c998c114326b3026f495e555870 | cloud01    |
+----------------------------------+------------+
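### Once created, the user can log in to the web dashboard directly with this username and password

Add a role

In open-source OpenStack you can create your own roles, but doing so is pointless: a role you create carries no permissions, and there is no way to add any.

OpenStack provides a set of ready-made roles that already carry permissions.

### --project cloud01   --------associate with the project
### --user cloud01      --------associate with the user
### _member_            --------role to bind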
[root@controller ~(keystone_admin)]# openstack role add --project cloud01 --user cloud01 _member_

### List the roles
[root@controller ~(keystone_admin)]# openstack role list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 08a4c0d4e90c40a8b8eeaaae8eaca321 | heat_stack_user  |
| 1d1871d5d64f4edd9c0dfe8156befe94 | SwiftOperator    |
| 47688d54af424a44a64c23919cffcf4a | reader           |
| 47ceb7e7c68440cc8b3b4069ed0b3bd3 | ResellerAdmin    |
| a91f6fce440a401a9a98fa086666d4e8 | heat_stack_owner |
| ce59707ae33840aa9e5fad6ddeac0b02 | admin            |
| db666d2a29134e0ba8f6cddbca4b6d05 | member           |
| dfbd54b031f24745803a8e671b5da537 | _member_         |
+----------------------------------+------------------+

Generate the environment-variable file for the regular user

[root@controller ~(keystone_admin)]# ls
anaconda-ks.cfg  back.txt  keystonerc_admin  memeda.txt
[root@controller ~(keystone_admin)]# cp keystonerc_admin keystonerc_cloud01
[root@controller ~(keystone_admin)]# vim keystonerc_cloud01 
[root@controller ~(keystone_admin)]# cat keystonerc_cloud01 
unset OS_SERVICE_TOKEN
    export OS_USERNAME=cloud01
    export OS_PASSWORD='redhat'
    export OS_REGION_NAME=RegionOne
    export OS_AUTH_URL=http://192.168.129.185:5000/v3
    export PS1='[\u@\h \W(keystone_cloud01)]\$ '
    
export OS_PROJECT_NAME=cloud01
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

[root@controller ~(keystone_admin)]# source keystonerc_cloud01
[root@controller ~(keystone_cloud01)]# source keystonerc_admin 

Create a flavor (admin)

### --ram 1024     ---memory
### --disk 3       ---disk
### --vcpus 1      ---virtual CPUs
### m3.cloud       ---flavor name
[root@controller ~(keystone_admin)]# openstack flavor create --ram 1024 --disk 3 --vcpus 1 m3.cloud
+----------------------------+--------------------------------------+
| Field                      | Value                                |
+----------------------------+--------------------------------------+
| OS-FLV-DISABLED:disabled   | False                                |
| OS-FLV-EXT-DATA:ephemeral  | 0                                    |
| disk                       | 3                                    |
| id                         | 9af7411f-de45-481c-89ed-2b2a02cbf2f3 |
| name                       | m3.cloud                             |
| os-flavor-access:is_public | True                                 |
| properties                 |                                      |
| ram                        | 1024                                 |
| rxtx_factor                | 1.0                                  |
| swap                       |                                      |
| vcpus                      | 1                                    |
+----------------------------+--------------------------------------+

### List the flavors
[root@controller ~(keystone_admin)]# openstack flavor list
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| ID                                   | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| 1                                    | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2                                    | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3                                    | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4                                    | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5                                    | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
| 9af7411f-de45-481c-89ed-2b2a02cbf2f3 | m3.cloud  |  1024 |    3 |         0 |     1 | True      |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+

Create an image (regular user)

### Upload the image file to the virtual machine
[root@controller ~(keystone_admin)]# cd /tmp/
[root@controller tmp(keystone_admin)]# ls
cirros-0.6.2-x86_64-disk.img

[root@controller ~(keystone_admin)]# source keystonerc_cloud01 

### --disk-format qcow2  ---disk format
### --min-disk 3         ---minimum disk size
### --file               ---path to the disk image file
[root@controller ~(keystone_cloud01)]# openstack image create --disk-format qcow2 --min-disk 3 --file /tmp/cirros-0.6.2-x86_64-disk.img rhel
+------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                    |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| container_format | bare                                                                                                                                     |
| created_at       | 2023-08-12T13:43:04Z                                                                                                                     |
| disk_format      | qcow2                                                                                                                                    |
| file             | /v2/images/b39fafd7-8d41-45d8-93c9-00b2c7a77623/file                                                                                     |
| id               | b39fafd7-8d41-45d8-93c9-00b2c7a77623                                                                                                     |
| min_disk         | 3                                                                                                                                        |
| min_ram          | 0                                                                                                                                        |
| name             | rhel                                                                                                                                     |
| owner            | 6d48a0d228814e3d94d13ae4b561594c                                                                                                         |
| properties       | os_hidden='False', owner_specified.openstack.md5='', owner_specified.openstack.object='images/rhel', owner_specified.openstack.sha256='' |
| protected        | False                                                                                                                                    |
| schema           | /v2/schemas/image                                                                                                                        |
| status           | queued                                                                                                                                   |
| tags             |                                                                                                                                          |
| updated_at       | 2023-08-12T13:43:04Z                                                                                                                     |
| visibility       | shared                                                                                                                                   |
+------------------+------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~(keystone_cloud01)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| b39fafd7-8d41-45d8-93c9-00b2c7a77623 | rhel | active |
+--------------------------------------+------+--------+

Create a private network (regular user)

### Switch to the cloud01 user's environment variables
[root@controller ~(keystone_admin)]# source keystonerc_cloud01 
[root@controller ~(keystone_cloud01)]# 
[root@controller ~(keystone_cloud01)]# openstack network list

[root@controller ~(keystone_cloud01)]# openstack network create  private01
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-08-12T13:13:08Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 34878836-2623-410d-a0a2-a1ca7678e798 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1442                                 |
| name                      | private01                            |
| port_security_enabled     | True                                 |
| project_id                | 6d48a0d228814e3d94d13ae4b561594c     |
| provider:network_type     | None                                 |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2023-08-12T13:13:08Z                 |
+---------------------------+--------------------------------------+
[root@controller ~(keystone_cloud01)]# openstack network list
+--------------------------------------+-----------+---------+
| ID                                   | Name      | Subnets |
+--------------------------------------+-----------+---------+
| 34878836-2623-410d-a0a2-a1ca7678e798 | private01 |         |
+--------------------------------------+-----------+---------+


Create the private network's subnet (regular user)

### --allocation-pool start=192.168.88.100,end=192.168.88.200      ---address pool
### --gateway        ---gateway
### --subnet-range   ---subnet range
### --network        ---the private network it belongs to
### private_sub      ---subnet name
[root@controller ~(keystone_cloud01)]# openstack subnet create  --allocation-pool start=192.168.88.100,end=192.168.88.200 --gateway 192.168.88.254 --subnet-range 192.168.88.0/24 --network private01  private_sub
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.88.100-192.168.88.200        |
| cidr                 | 192.168.88.0/24                      |
| created_at           | 2023-08-12T13:18:49Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 192.168.88.254                       |
| host_routes          |                                      |
| id                   | 104665e7-5218-428d-b5ab-d860866f9dc5 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | private_sub                          |
| network_id           | 34878836-2623-410d-a0a2-a1ca7678e798 |
| prefix_length        | None                                 |
| project_id           | 6d48a0d228814e3d94d13ae4b561594c     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2023-08-12T13:18:49Z                 |
+----------------------+--------------------------------------+
[root@controller ~(keystone_cloud01)]# openstack subnet list
+--------------------------------------+-------------+--------------------------------------+-----------------+
| ID                                   | Name        | Network                              | Subnet          |
+--------------------------------------+-------------+--------------------------------------+-----------------+
| 104665e7-5218-428d-b5ab-d860866f9dc5 | private_sub | 34878836-2623-410d-a0a2-a1ca7678e798 | 192.168.88.0/24 |
+--------------------------------------+-------------+--------------------------------------+-----------------+

Create a security group (regular user) and set its rules

[root@controller ~(keystone_cloud01)]# openstack security group create sec01
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                 |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2023-08-12T13:24:22Z                                                                                                                                  |
| description     | sec01                                                                                                                                                 |
| id              | 28e58bc0-74c3-4a6b-a311-caee3308b49b                                                                                                                  |
| name            | sec01                                                                                                                                                 |
| project_id      | 6d48a0d228814e3d94d13ae4b561594c                                                                                                                      |
| revision_number | 1                                                                                                                                                     |
| rules           | created_at='2023-08-12T13:24:22Z', direction='egress', ethertype='IPv4', id='01e7314e-cd6e-468a-9911-af3d9a1380c0', updated_at='2023-08-12T13:24:22Z' |
|                 | created_at='2023-08-12T13:24:22Z', direction='egress', ethertype='IPv6', id='5da05664-fdd9-4b01-8ce9-5cc469dcd2d7', updated_at='2023-08-12T13:24:22Z' |
| stateful        | True                                                                                                                                                  |
| tags            | []                                                                                                                                                    |
| updated_at      | 2023-08-12T13:24:22Z                                                                                                                                  |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+

[root@controller ~(keystone_cloud01)]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 218eb5cb-6513-4a29-b2cb-320adac7c5bd | default | Default security group | 6d48a0d228814e3d94d13ae4b561594c | []   |
| 28e58bc0-74c3-4a6b-a311-caee3308b49b | sec01   | sec01                  | 6d48a0d228814e3d94d13ae4b561594c | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

Set the rules

--protocol    protocol

--ingress     inbound direction

--dst-port    destination port number

### Allow port 22
[root@controller ~(keystone_cloud01)]# openstack security group rule create --protocol tcp --dst-port 22:22 --ingress  sec01
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-08-12T13:27:25Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | a14c9080-a3e1-4e3b-9910-02e20fec5492 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 6d48a0d228814e3d94d13ae4b561594c     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| tags              | []                                   |
| updated_at        | 2023-08-12T13:27:25Z                 |
+-------------------+--------------------------------------+
### Allow port 80
[root@controller ~(keystone_cloud01)]# openstack security group rule create --protocol tcp --dst-port 80:80 --ingress  sec01
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-08-12T13:27:34Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 592464cb-6415-4842-907f-acf46bd39adf |
| name              | None                                 |
| port_range_max    | 80                                   |
| port_range_min    | 80                                   |
| project_id        | 6d48a0d228814e3d94d13ae4b561594c     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| tags              | []                                   |
| updated_at        | 2023-08-12T13:27:34Z                 |
+-------------------+--------------------------------------+

### ICMP has no ports
[root@controller ~(keystone_cloud01)]# openstack security group rule create --protocol icmp --ingress  sec01
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2023-08-12T13:30:09Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 275ae6b3-4cf1-42d2-9ea5-c7659c558946 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 6d48a0d228814e3d94d13ae4b561594c     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 0                                    |
| security_group_id | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| tags              | []                                   |
| updated_at        | 2023-08-12T13:30:09Z                 |
+-------------------+--------------------------------------+

[root@controller ~(keystone_cloud01)]# openstack security group rule list
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                | Security Group                       |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
| 01e7314e-cd6e-468a-9911-af3d9a1380c0 | None        | IPv4      | 0.0.0.0/0 |            | None                                 | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| 090aa53b-eae8-41ea-995b-5f881c3d3b0d | None        | IPv4      | 0.0.0.0/0 |            | None                                 | 218eb5cb-6513-4a29-b2cb-320adac7c5bd |
| 0b575a5d-593b-49a1-bec6-34c9eb341f5b | None        | IPv6      | ::/0      |            | 218eb5cb-6513-4a29-b2cb-320adac7c5bd | 218eb5cb-6513-4a29-b2cb-320adac7c5bd |
| 275ae6b3-4cf1-42d2-9ea5-c7659c558946 | icmp        | IPv4      | 0.0.0.0/0 |            | None                                 | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| 592464cb-6415-4842-907f-acf46bd39adf | tcp         | IPv4      | 0.0.0.0/0 | 80:80      | None                                 | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| 5da05664-fdd9-4b01-8ce9-5cc469dcd2d7 | None        | IPv6      | ::/0      |            | None                                 | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| 75074f89-7b5b-4e9c-b8cc-26d41bc51281 | None        | IPv6      | ::/0      |            | None                                 | 218eb5cb-6513-4a29-b2cb-320adac7c5bd |
| a14c9080-a3e1-4e3b-9910-02e20fec5492 | tcp         | IPv4      | 0.0.0.0/0 | 22:22      | None                                 | 28e58bc0-74c3-4a6b-a311-caee3308b49b |
| a898a767-b7a2-4e72-b0e6-ce1e983f1594 | None        | IPv4      | 0.0.0.0/0 |            | 218eb5cb-6513-4a29-b2cb-320adac7c5bd | 218eb5cb-6513-4a29-b2cb-320adac7c5bd |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+--------------------------------------+
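
The three ingress rules above were created without a source restriction, so each one reports remote_ip_prefix 0.0.0.0/0. The following is an added example, not part of the original article: it reads the Field/Value table printed by `openstack security group rule create` or `rule show` and flags ingress rules open to every source. The function names, the constructed sample tables, the placeholder rule id and the 192.168.129.0/24 admin range are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): flag ingress rules that are
# open to every source, using the Field/Value table printed by
# `openstack security group rule create` and `openstack security group rule show`.

# audit_rule_table: reads one Field/Value table on stdin.
#   world-open ingress rule -> prints "OPEN <protocol> <ports> <rule-id>", returns 1
#   anything else           -> prints "OK <rule-id>", returns 0
audit_rule_table() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Data rows look like "| field | value |"; border rows have no "|".
        NF >= 4 { field[trim($2)] = trim($3) }
        END {
            prefix = field["remote_ip_prefix"]
            group  = field["remote_group_id"]
            any_source = (prefix == "0.0.0.0/0" || prefix == "::/0")
            no_group   = (group == "None" || group == "")
            if (field["direction"] == "ingress" && any_source && no_group) {
                ports = "any"
                if (field["port_range_min"] != "None")
                    ports = field["port_range_min"] ":" field["port_range_max"]
                printf "OPEN %s %s %s\n", field["protocol"], ports, field["id"]
                exit 1
            }
            printf "OK %s\n", field["id"]
        }'
}

# make_rule_table DIRECTION ID PROTOCOL PORT_MIN PORT_MAX REMOTE_IP_PREFIX
# Builds a constructed table holding only the fields the audit reads.
make_rule_table() {
    printf '| %-17s | %-36s |\n' Field Value direction "$1" id "$2" \
        protocol "$3" port_range_min "$4" port_range_max "$5" \
        remote_group_id None remote_ip_prefix "$6"
}

# Demo on constructed input: the article's port-22 and ICMP rules, then a
# port-22 rule limited to an assumed admin range (placeholder rule id).
make_rule_table ingress a14c9080-a3e1-4e3b-9910-02e20fec5492 tcp 22 22 0.0.0.0/0 \
    | audit_rule_table || :
make_rule_table ingress 275ae6b3-4cf1-42d2-9ea5-c7659c558946 icmp None None 0.0.0.0/0 \
    | audit_rule_table || :
make_rule_table ingress 00000000-0000-0000-0000-000000000001 tcp 22 22 192.168.129.0/24 \
    | audit_rule_table || :

# Live use (needs a sourced keystonerc file):
#   for id in $(openstack security group rule list sec01 -f value -c ID); do
#       openstack security group rule show "$id" | audit_rule_table
#   done
# Scoped form of the port-22 rule; the CIDR is an assumed admin range:
#   openstack security group rule create --protocol tcp --dst-port 22:22 \
#       --ingress --remote-ip 192.168.129.0/24 sec01
```
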

Create a key pair (regular user)

[root@controller ~(keystone_cloud01)]# 
[root@controller ~(keystone_cloud01)]# openstack keypair create key01 > key01.pem
[root@controller ~(keystone_cloud01)]# ls
anaconda-ks.cfg  key01.pem         keystonerc_cloud01
back.txt         keystonerc_admin  memeda.txt
[root@controller ~(keystone_cloud01)]# 
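
The keystonerc_cloud01 file generated earlier and the key01.pem file written here both hold secrets and are created with the shell's default file mode. The following is an added example, not part of the original article: it audits such files for group/other permission bits, an exported OS_PASSWORD and an http:// auth URL, then tightens the modes. The function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit the credential files
# this walkthrough leaves in the working directory (keystonerc_* and *.pem).

# audit_cred_files DIR
# Prints one "<finding> <file>" line per problem and returns 1 if any:
#   loose-mode          group/other permission bits are set
#   plaintext-password  rc file exports OS_PASSWORD
#   cleartext-auth-url  rc file points OS_AUTH_URL at http://
audit_cred_files() {
    dir=$1
    rc=0
    for f in "$dir"/keystonerc_* "$dir"/*.pem; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "loose-mode $name"; rc=1
        fi
        case $name in
        keystonerc_*)
            if grep -Eq '^[[:space:]]*export[[:space:]]+OS_PASSWORD=' "$f"; then
                echo "plaintext-password $name"; rc=1
            fi
            if grep -q 'OS_AUTH_URL=http://' "$f"; then
                echo "cleartext-auth-url $name"; rc=1
            fi
            ;;
        esac
    done
    return $rc
}

# harden_cred_files DIR: restrict every rc file and private key to its owner.
harden_cred_files() {
    for f in "$1"/keystonerc_* "$1"/*.pem; do
        [ -f "$f" ] && chmod 600 "$f"
    done
    return 0
}

# make_sample_dir: builds constructed stand-ins for the article's files in a
# temporary directory, created under umask 022 as a default shell would.
make_sample_dir() {
    d=$(mktemp -d)
    (
        umask 022
        printf '%s\n' "export OS_USERNAME=cloud01" "export OS_PASSWORD='redhat'" \
            "export OS_AUTH_URL=http://192.168.129.185:5000/v3" > "$d/keystonerc_cloud01"
        printf '%s\n' "-----CONSTRUCTED SAMPLE, NOT A REAL KEY-----" > "$d/key01.pem"
    )
    echo "$d"
}

# Demo on the constructed files: audit, tighten modes, audit again.
demo_dir=$(make_sample_dir)
audit_cred_files "$demo_dir" || :
harden_cred_files "$demo_dir"
audit_cred_files "$demo_dir" || :
rm -rf "$demo_dir"

# Writing the key with a restrictive mode from the start:
#   (umask 077; openstack keypair create key01 > key01.pem)
```

Tightening the mode clears only the loose-mode findings; the password and http:// findings need a change to the rc file itself.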

Launch the cloud instance (regular user)

[root@controller ~(keystone_cloud01)]# openstack server create --flavor m3.cloud --image rhel --min 1 --security-group sec01 --key-name key01 --network private01 Linux01
+-----------------------------+-------------------------------------------------+
| Field                       | Value                                           |
+-----------------------------+-------------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                          |
| OS-EXT-AZ:availability_zone |                                                 |
| OS-EXT-STS:power_state      | NOSTATE                                         |
| OS-EXT-STS:task_state       | scheduling                                      |
| OS-EXT-STS:vm_state         | building                                        |
| OS-SRV-USG:launched_at      | None                                            |
| OS-SRV-USG:terminated_at    | None                                            |
| accessIPv4                  |                                                 |
| accessIPv6                  |                                                 |
| addresses                   |                                                 |
| adminPass                   | rPZKoh2nq3uy                                    |
| config_drive                |                                                 |
| created                     | 2023-08-12T13:46:25Z                            |
| flavor                      | m3.cloud (9af7411f-de45-481c-89ed-2b2a02cbf2f3) |
| hostId                      |                                                 |
| id                          | cf35d5a1-29b0-45cc-8a42-e60c373df6b9            |
| image                       | rhel (b39fafd7-8d41-45d8-93c9-00b2c7a77623)     |
| key_name                    | key01                                           |
| name                        | Linux01                                         |
| progress                    | 0                                               |
| project_id                  | 6d48a0d228814e3d94d13ae4b561594c                |
| properties                  |                                                 |
| security_groups             | name='28e58bc0-74c3-4a6b-a311-caee3308b49b'     |
| status                      | BUILD                                           |
| updated                     | 2023-08-12T13:46:25Z                            |
| user_id                     | c0e55c998c114326b3026f495e555870                |
| volumes_attached            |                                                 |
+-----------------------------+-------------------------------------------------+

[root@controller ~(keystone_cloud01)]# openstack server list
+--------------------------------------+---------+--------+--------------------------+-------+----------+
| ID                                   | Name    | Status | Networks                 | Image | Flavor   |
+--------------------------------------+---------+--------+--------------------------+-------+----------+
| cf35d5a1-29b0-45cc-8a42-e60c373df6b9 | Linux01 | ACTIVE | private01=192.168.88.131 | rhel  | m3.cloud |
+--------------------------------------+---------+--------+--------------------------+-------+----------+

Create the public network (admin)

[root@controller ~(keystone_cloud01)]# source keystonerc_admin 
[root@controller ~(keystone_admin)]# 
[root@controller ~(keystone_admin)]# openstack network create --share --external --project cloud01 --provider-network-type flat --provider-physical-network extnet public01
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2023-08-12T13:57:11Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 3fa184df-df9a-4e0c-85b6-d4d3885f7061 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | public01                             |
| port_security_enabled     | True                                 |
| project_id                | 6d48a0d228814e3d94d13ae4b561594c     |
| provider:network_type     | flat                                 |
| provider:physical_network | extnet                               |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 1                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2023-08-12T13:57:11Z                 |
+---------------------------+--------------------------------------+
[root@controller ~(keystone_admin)]# openstack network list
+--------------------------------------+-----------+--------------------------------------+
| ID                                   | Name      | Subnets                              |
+--------------------------------------+-----------+--------------------------------------+
| 34878836-2623-410d-a0a2-a1ca7678e798 | private01 | 104665e7-5218-428d-b5ab-d860866f9dc5 |
| 3fa184df-df9a-4e0c-85b6-d4d3885f7061 | public01  |                                      |
+--------------------------------------+-----------+--------------------------------------+

Create the public network subnet

### NAT gateway
[root@controller ~(keystone_admin)]# openstack subnet create --dhcp --gateway 192.168.129.2 --subnet-range 192.168.129.0/24 --network public01 --allocation-pool start=192.168.129.220,end=192.168.129.230 public_sub
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.129.220-192.168.129.230      |
| cidr                 | 192.168.129.0/24                     |
| created_at           | 2023-08-12T14:02:06Z                 |
| description          |                                      |
| dns_nameservers      |                                      |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 192.168.129.2                        |
| host_routes          |                                      |
| id                   | 02ba6b39-a588-47c7-89ba-6e2cac8728a0 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | public_sub                           |
| network_id           | 3fa184df-df9a-4e0c-85b6-d4d3885f7061 |
| prefix_length        | None                                 |
| project_id           | 3e50ae3d137b4e38aefe605f8d5d55d9     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2023-08-12T14:02:06Z                 |
+----------------------+--------------------------------------+
[root@controller ~(keystone_admin)]# openstack subnet list
+--------------------------------------+-------------+--------------------------------------+------------------+
| ID                                   | Name        | Network                              | Subnet           |
+--------------------------------------+-------------+--------------------------------------+------------------+
| 02ba6b39-a588-47c7-89ba-6e2cac8728a0 | public_sub  | 3fa184df-df9a-4e0c-85b6-d4d3885f7061 | 192.168.129.0/24 |
| 104665e7-5218-428d-b5ab-d860866f9dc5 | private_sub | 34878836-2623-410d-a0a2-a1ca7678e798 | 192.168.88.0/24  |
+--------------------------------------+-------------+--------------------------------------+------------------+
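The two steps above create an external network with `--share` and a floating IP pool on the same segment as the controller and compute nodes. The following is an added example, not part of the original post: it parses the two-column table that `openstack ... create/show` prints and checks those two settings. The function names are hypothetical, the table rows are copied from the output above, and the controller address is the one in `OS_AUTH_URL` in `keystonerc_admin`.

```python
import ipaddress

def parse_osc_table(text):
    """Turn a two-column Field/Value table from `openstack ... show` into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip +----+ borders, prompts and blank lines
        cells = [c.strip() for c in line.strip("|").split("|", 1)]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields

def audit_external_network(net):
    """Flag settings that widen access to the provider segment."""
    findings = []
    if net.get("router:external") == "External" and net.get("shared") == "True":
        findings.append("shared external network: every project can attach ports "
                        "directly instead of going through a router and floating IP")
    if net.get("port_security_enabled") != "True":
        findings.append("port security is off: no anti-spoofing or security "
                        "groups on ports of this network")
    return findings

def audit_allocation_pools(subnet, reserved):
    """Check each pool sits inside the CIDR and avoids addresses already in use."""
    cidr = ipaddress.ip_network(subnet["cidr"])
    findings = []
    for pool in subnet["allocation_pools"].split(","):
        start, end = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
        if start > end or start not in cidr or end not in cidr:
            findings.append(f"pool {pool.strip()} is not a valid range in {cidr}")
            continue
        for label, addr in reserved.items():
            if start <= ipaddress.ip_address(addr) <= end:
                findings.append(f"{label} {addr} lies inside pool {pool.strip()}")
    return findings

# Rows copied from the page's `network create` and `subnet create` output.
NETWORK_TABLE = """
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| name                      | public01                             |
| port_security_enabled     | True                                 |
| router:external           | External                             |
| shared                    | True                                 |
+---------------------------+--------------------------------------+
"""
SUBNET_TABLE = """
| allocation_pools     | 192.168.129.220-192.168.129.230      |
| cidr                 | 192.168.129.0/24                     |
| gateway_ip           | 192.168.129.2                        |
"""

if __name__ == "__main__":
    net, sub = parse_osc_table(NETWORK_TABLE), parse_osc_table(SUBNET_TABLE)
    # Controller address taken from OS_AUTH_URL in keystonerc_admin on the page.
    reserved = {"gateway": sub["gateway_ip"], "controller": "192.168.129.185"}
    for finding in audit_external_network(net) + audit_allocation_pools(sub, reserved):
        print("FINDING:", finding)
```

With the values used on this page the pool check passes and only the shared external network is reported; `--external` without `--share` is enough for tenant routers and floating IPs to use the network.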

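Create the router (regular user)

(Set the gateway to connect to the public network and create an interface to connect to the private network.) The cloud instance can then ping the router on the external network.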

[root@controller ~(keystone_cloud01)]#  openstack router create r01
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2023-08-12T14:04:08Z                 |
| description             |                                      |
| external_gateway_info   | null                                 |
| flavor_id               | None                                 |
| id                      | db259f93-6745-4052-94e0-9748b29fd4c1 |
| name                    | r01                                  |
| project_id              | 6d48a0d228814e3d94d13ae4b561594c     |
| revision_number         | 1                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tags                    |                                      |
| updated_at              | 2023-08-12T14:04:08Z                 |
+-------------------------+--------------------------------------+

Add the gateway

[root@controller ~(keystone_cloud01)]# openstack router set --external-gateway public01 r01
[root@controller ~(keystone_cloud01)]# openstack router show r01
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                                                                                                       |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                                                                                                                          |
| availability_zone_hints |                                                                                                                                                                                             |
| availability_zones      |                                                                                                                                                                                             |
| created_at              | 2023-08-12T14:04:08Z                                                                                                                                                                        |
| description             |                                                                                                                                                                                             |
| external_gateway_info   | {"network_id": "3fa184df-df9a-4e0c-85b6-d4d3885f7061", "external_fixed_ips": [{"subnet_id": "02ba6b39-a588-47c7-89ba-6e2cac8728a0", "ip_address": "192.168.129.221"}], "enable_snat": true} |
| flavor_id               | None                                                                                                                                                                                        |
| id                      | db259f93-6745-4052-94e0-9748b29fd4c1                                                                                                                                                        |
| interfaces_info         | []                                                                                                                                                                                          |
| name                    | r01                                                                                                                                                                                         |
| project_id              | 6d48a0d228814e3d94d13ae4b561594c                                                                                                                                                            |
| revision_number         | 3                                                                                                                                                                                           |
| routes                  |                                                                                                                                                                                             |
| status                  | ACTIVE                                                                                                                                                                                      |
| tags                    |                                                                                                                                                                                             |
| updated_at              | 2023-08-12T14:08:31Z                                                                                                                                                                        |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create the interface

[root@controller ~(keystone_cloud01)]# openstack router add subnet r01 private_sub
[root@controller ~(keystone_cloud01)]# openstack router show r01
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                                                                                                       |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                                                                                                                          |
| availability_zone_hints |                                                                                                                                                                                             |
| availability_zones      |                                                                                                                                                                                             |
| created_at              | 2023-08-12T14:04:08Z                                                                                                                                                                        |
| description             |                                                                                                                                                                                             |
| external_gateway_info   | {"network_id": "3fa184df-df9a-4e0c-85b6-d4d3885f7061", "external_fixed_ips": [{"subnet_id": "02ba6b39-a588-47c7-89ba-6e2cac8728a0", "ip_address": "192.168.129.221"}], "enable_snat": true} |
| flavor_id               | None                                                                                                                                                                                        |
| id                      | db259f93-6745-4052-94e0-9748b29fd4c1                                                                                                                                                        |
| interfaces_info         | [{"port_id": "4c1e18fd-d601-4041-bcfa-0c23c7cb2941", "ip_address": "192.168.88.254", "subnet_id": "104665e7-5218-428d-b5ab-d860866f9dc5"}]                                                  |
| name                    | r01                                                                                                                                                                                         |
| project_id              | 6d48a0d228814e3d94d13ae4b561594c                                                                                                                                                            |
| revision_number         | 4                                                                                                                                                                                           |
| routes                  |                                                                                                                                                                                             |
| status                  | ACTIVE                                                                                                                                                                                      |
| tags                    |                                                                                                                                                                                             |
| updated_at              | 2023-08-12T14:12:58Z                                                                                                                                                                        |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Bind the EIP and access the instance (regular user)

Allocate the EIP

[root@controller ~(keystone_cloud01)]# openstack floating ip create public01
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| created_at          | 2023-08-12T14:16:02Z                 |
| description         |                                      |
| dns_domain          | None                                 |
| dns_name            | None                                 |
| fixed_ip_address    | None                                 |
| floating_ip_address | 192.168.129.223                      |
| floating_network_id | 3fa184df-df9a-4e0c-85b6-d4d3885f7061 |
| id                  | e1717448-4dc2-4387-b82b-c8fbbb1c7b3e |
| name                | 192.168.129.223                      |
| port_details        | None                                 |
| port_id             | None                                 |
| project_id          | 6d48a0d228814e3d94d13ae4b561594c     |
| qos_policy_id       | None                                 |
| revision_number     | 0                                    |
| router_id           | None                                 |
| status              | DOWN                                 |
| subnet_id           | None                                 |
| tags                | []                                   |
| updated_at          | 2023-08-12T14:16:02Z                 |
+---------------------+--------------------------------------+
[root@controller ~(keystone_cloud01)]# openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| e1717448-4dc2-4387-b82b-c8fbbb1c7b3e | 192.168.129.223     | None             | None | 3fa184df-df9a-4e0c-85b6-d4d3885f7061 | 6d48a0d228814e3d94d13ae4b561594c |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[root@controller ~(keystone_cloud01)]# 


Bind the EIP

[root@controller ~(keystone_cloud01)]# openstack server add floating ip Linux01 192.168.129.223

Test and access

[root@controller ~(keystone_cloud01)]# ping 192.168.129.223
[root@controller ~(keystone_cloud01)]# ls 
anaconda-ks.cfg  key01.pem         keystonerc_cloud01
back.txt         keystonerc_admin  memeda.txt
[root@controller ~(keystone_cloud01)]# chmod 400 key
key01.pem           keystonerc_cloud01
keystonerc_admin    
[root@controller ~(keystone_cloud01)]# chmod 400 key01.pem 
[root@controller ~(keystone_cloud01)]# ssh -i key01.pem <user>@192.168.129.223
The authenticity of host '192.168.129.223 (192.168.129.223)' can't be established.
ECDSA key fingerprint is SHA256:QBtdPH9YMEA2drNOug2Yhu5F+nt8v+XG4cVvBOUo+GM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.129.223' (ECDSA) to the list of known hosts.
$ sudo -i
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:aa:00:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.88.131/24 brd 192.168.88.255 scope global dynamic noprefixroute eth0
       valid_lft 41235sec preferred_lft 35835sec
    inet6 fe80::f816:3eff:feaa:e3/64 scope link 
       valid_lft forever preferred_lft forever
# 

Reposted from blog.csdn.net/weixin_62782025/article/details/132269472