OpenStack部署应用第五篇:创建一个实例(转)
这部分创建必须的虚拟网络来支持创建多个实例。网络选项1包含一个使用公共虚拟网络(外部网络)的实例。网络选项2包含一个使用公共虚拟网络的实例、一个使用私有虚拟网络(私有网络)的实例。
1、创建虚拟网络
根据你在网络选项中的选择来创建虚拟网络。如果你选择选项1,只需创建一个公有网络。如果你选择选项2,同时创建一个公有网络和一个私有网络
在你完成自己环境中合适网络的创建后,你可以继续后面的步骤来准备创建实例。
[root@linux-node1 ~]# source admin-openstack [root@linux-node1 ~]# openstack network create --share --provider-physical-network public --provider-network-type flat public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2017-01-13T14:47:08Z | | description | | | headers | | | id | c41444e8-76af-44de-ac11-7ffa76bf42cc | | ipv4_address_scope | None | | ipv6_address_scope | None | | mtu | 1500 | | name | public | | port_security_enabled | True | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | provider:network_type | flat | | provider:physical_network | public | | provider:segmentation_id | None | | revision_number | 3 | | router:external | Internal | | shared | True | | status | ACTIVE | | subnets | | | tags | [] | | updated_at | 2017-01-13T14:47:08Z | +---------------------------+--------------------------------------+ [root@linux-node1 ~]# neutron net-list +--------------------------------------+--------+---------+ | id | name | subnets | +--------------------------------------+--------+---------+ | c41444e8-76af-44de-ac11-7ffa76bf42cc | public | | +--------------------------------------+--------+---------+
[root@linux-node1 ~]# openstack subnet create --network public \ > --allocation-pool start=192.168.56.100,end=192.168.56.200 \ > --dns-nameserver 192.168.56.2 --gateway 192.168.56.2 \ > --subnet-range 192.168.56.0/24 public-subnet
+-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 192.168.56.100-192.168.56.200 | | cidr | 192.168.56.0/24 | | created_at | 2017-01-13T14:48:43Z | | description | | | dns_nameservers | 192.168.56.2 | | enable_dhcp | True | | gateway_ip | 192.168.56.2 | | headers | | | host_routes | | | id | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public-subnet | | network_id | c41444e8-76af-44de-ac11-7ffa76bf42cc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | revision_number | 2 | | service_types | [] | | subnetpool_id | None | | updated_at | 2017-01-13T14:48:43Z | +-------------------+--------------------------------------+ [root@linux-node1 ~]# neutron subnet-list +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+---------------+-----------------+------------------------------------------------------+ | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | public-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} | +--------------------------------------+---------------+-----------------+------------------------------------------------------+
2、创建m1.nano类型
默认的最小规格的主机需要512 MB内存。对于环境中计算节点内存不足4 GB的,我们推荐创建只需要64 MB的``m1.nano``规格的主机。若单纯为了测试的目的,请使用``m1.nano``规格的主机来加载CirrOS镜像
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | properties | | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+
3、生成一个键值对
大部分云镜像支持 :term:`public key authentication`而不是传统的密码登陆。在启动实例前,你必须添加一个公共密钥到计算服务。
1)导入``demo``项目凭证
[root@linux-node1 ~]# source demo-openstack
2)生成和添加秘钥对
[root@linux-node1 ~]# ssh-keygen -q -N "" Enter file in which to save the key (/root/.ssh/id_rsa): [root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 | | name | mykey | | user_id | f83238e0bc2444a197cdf36e8db6a67d | +-------------+-------------------------------------------------+
注释:你可以跳过执行 ssh-keygen 命令而使用已存在的公钥
3)验证公钥的添加
[root@linux-node1 ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | 59:6b:ef:87:46:60:7a:e9:1d:e2:30:45:cd:f3:8b:c6 | +-------+-------------------------------------------------+
4、新增安全组规则
默认情况下, ``default``安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像,我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。
添加规则到 default 安全组
# Permit ICMP (ping) [root@linux-node1 ~]# openstack security group rule create --proto icmp default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-14T12:28:56Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | 28b62d70-2929-46ff-a016-e8ba8d024b74 | | port_range_max | None | | port_range_min | None | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | protocol | icmp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | | updated_at | 2017-01-14T12:28:56Z | +-------------------+--------------------------------------+ # 允许安全 shell (SSH) 的访问 [root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2017-01-14T12:29:08Z | | description | | | direction | ingress | | ethertype | IPv4 | | headers | | | id | bcaf15fe-3f9d-45a5-845e-db893e65b07e | | port_range_max | 22 | | port_range_min | 22 | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | project_id | 4378796a61c0468fb8cceda3fd5258dc | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 1 | | security_group_id | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | | updated_at | 2017-01-14T12:29:08Z | +-------------------+--------------------------------------+
5、启动一个实例
5.1 在公有网络上创建实例
启动一台实例,您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称
1、 控制节点上,获得 admin 凭证来获取只有管理员能执行的命令的访问权限 [root@linux-node1 ~]# source admin-openstack 2、 一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储 [root@linux-node1 ~]# openstack flavor list # 列出可用类型 +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+ 3、列出可用镜像 [root@linux-node1 ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a | cirros | active | +--------------------------------------+--------+--------+ 4、列出可用网络 [root@linux-node1 ~]# openstack network list +--------------------------------------+--------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+--------+--------------------------------------+ | c41444e8-76af-44de-ac11-7ffa76bf42cc | public | 18a64f64-dc20-4b0f-98b5-e954ddd7a805 | +--------------------------------------+--------+--------------------------------------+ 5、列出可以的安全组 [root@linux-node1 ~]# openstack security group list +--------------------------------------+---------+-------------+----------------------------------+ | ID | Name | Description | Project | +--------------------------------------+---------+-------------+----------------------------------+ | 2abc11a2-0704-4f8a-a17b-c620e2aa5e22 | default | 缺省安全组 | 4378796a61c0468fb8cceda3fd5258dc | +--------------------------------------+---------+-------------+----------------------------------+
启动云主机
注:使用``provider``公有网络的ID替换``PUBLIC_NET_ID`` 即:openstack network list
本案例:如果你选择选项1并且你的环境只有一个网络,你可以省去``–nic`` 选项因为OpenStack会自动选择这个唯一可用的网络
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros --security-group default --key-name mykey demo-instance +--------------------------------------+-----------------------------------------------+ | Field | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | sF4VCrbpttsQ | | config_drive | | | created | 2017-01-14T12:44:57Z | | flavor | m1.nano (0) | | hostId | | | id | 755fa8ad-36c7-42be-a0dd-f0196522776d | | image | cirros (1c6e8080-b3a3-4b7f-979c-0f2c5d0b408a) | | key_name | mykey | | name | demo-instance | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | 1422ce46981848578060cf73fba40b3b | | properties | | | security_groups | [{u'name': u'default'}] | | status | BUILD | | updated | 2017-01-14T12:44:58Z | | user_id | f83238e0bc2444a197cdf36e8db6a67d | +--------------------------------------+-----------------------------------------------+
# 检查实例状态 [root@linux-node1 ~]# openstack server list +--------------------------------------+---------------+--------+-----------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------------------------+---------------+--------+-----------------------+------------+ | 755fa8ad-36c7-42be-a0dd-f0196522776d | demo-instance | ACTIVE | public=192.168.56.102 | cirros | +--------------------------------------+---------------+--------+-----------------------+------------+ 注:当构建过程完全成功后,状态会从 BUILD``变为``ACTIVE # 使用虚拟控制台访问实例 获取你势力的 Virtual Network Computing (VNC) 会话URL并从web浏览器访问它 [root@linux-node1 ~]# openstack console url show demo-instance +-------+------------------------------------------------------------------------------------+ | Field | Value | +-------+------------------------------------------------------------------------------------+ | type | novnc | | url | http://192.168.56.11:6080/vnc_auto.html?token=0e41d4c0-c5d9-45ed-bf1d-b8b11b887502 | +-------+------------------------------------------------------------------------------------+ CirrOS 镜像包含传统的用户名/密码认证方式并需在登录提示中提供这些这些认证。登录到 CirrOS 后,我们建议您验证使用``ping``验证网络的连通性。
验证:
1)能否ping通公有网络的网关
2)验证能否连接到互联网
3)验证控制节点或者其他公有网络上的主机能否ping通实例(问题排查)
4)在控制节点或其他公有网络上的主机使用 SSH远程访问实例(问题排查)
6、块设备存储
7、编排
8、共享文件系统
出处:http://www.cnblogs.com/madsnotes/
声明:本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。