7.3 Creating a cloud instance
1. Load the admin environment variables:
. /scripts/admin-openstack.sh
# Note: run this on the controller node.
2. Check the listening ports:
netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 12435/python2
# neutron service
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 1203/python2
# novncproxy service
tcp 0 0 0.0.0.0:8774 0.0.0.0:* LISTEN 12336/python2
# nova service
tcp 0 0 0.0.0.0:8775 0.0.0.0:* LISTEN 12336/python2
# nova service
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 1194/python2
# glance service
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 1211/beam
tcp 0 0 172.16.1.11:3306 0.0.0.0:* LISTEN 1378/mysqld
tcp 0 0 172.16.1.11:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 1210/python2
# glance service
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1192/sshd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 1211/beam
# RabbitMQ web management interface
tcp6 0 0 :::5672 :::* LISTEN 1211/beam
# RabbitMQ service
tcp6 0 0 :::5000 :::* LISTEN 1209/httpd
# keystone service
tcp6 0 0 :::8778 :::* LISTEN 1209/httpd
# placement service
tcp6 0 0 ::1:11211 :::* LISTEN 1208/memcached
tcp6 0 0 :::80 :::* LISTEN 1209/httpd
tcp6 0 0 :::22 :::* LISTEN 1192/sshd
udp 0 0 127.0.0.1:323 0.0.0.0:* 894/chronyd
udp 0 0 0.0.0.0:123 0.0.0.0:* 894/chronyd
udp6 0 0 ::1:323 :::* 894/chronyd
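An added example, not part of the original page: a shell helper that reads the `netstat -tunlp` output from step 2 and separates listeners bound to every interface (`0.0.0.0`, `::`) from those bound to a single address or to loopback, so that exposure beyond the management network is easy to review. The function names and the allow-list are assumptions; the sample lines are copied from the output above.

```bash
# Added example (not from the original page): classify TCP listeners by bind scope.
# sample_netstat holds lines copied from the netstat output above (offline input).
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 12435/python2
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 1211/beam
tcp 0 0 172.16.1.11:3306 0.0.0.0:* LISTEN 1378/mysqld
tcp 0 0 172.16.1.11:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1208/memcached
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 1211/beam
tcp6 0 0 :::5672 :::* LISTEN 1211/beam
tcp6 0 0 ::1:11211 :::* LISTEN 1208/memcached
udp 0 0 127.0.0.1:323 0.0.0.0:* 894/chronyd
EOF
}

# Read netstat -tunlp lines on stdin; print "scope port program" per TCP listener.
# scope: wildcard (all interfaces), loopback, or specific (a single address).
classify_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
    port = $4; sub(/.*:/, "", port)          # text after the last colon
    host = $4; sub(/:[0-9]+$/, "", host)     # text before the last colon
    prog = $7; sub(/^[0-9]+\//, "", prog)    # drop the PID prefix
    if (host == "0.0.0.0" || host == "::") scope = "wildcard"
    else if (host ~ /^127\./ || host == "::1") scope = "loopback"
    else scope = "specific"
    print scope, port, prog
  }'
}

# Print wildcard-bound ports that are not in the space-separated allow-list $1.
# The allow-list is the operator's own statement of intended exposure (hypothetical).
wildcard_ports() {
  classify_listeners |
    awk -v allow=" $1 " '$1 == "wildcard" && index(allow, " " $2 " ") == 0 { print $2 }' |
    sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Live use on the controller: netstat -tunlp | wildcard_ports "22 80 5000"
sample_netstat | classify_listeners
```

In the sample, mysqld and memcached come out as `specific` (bound to 172.16.1.11), while the neutron API and the RabbitMQ ports come out as `wildcard`.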
3. Check the services:
(1) Check the keystone and glance services:
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| a036ec33-6df8-45ec-adbe-4b0ac189dc8c | cirros | active |
+--------------------------------------+--------+--------+
(2) Check the nova service:
openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2019-03-30T10:26:57.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2019-03-30T10:27:01.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-03-30T10:26:56.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2019-03-30T10:26:57.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
(3) Check the neutron service:
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 1210dc27-0620-49d4-850e-2d3c86cf6a43 | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 2aed088c-e3a4-4714-a63d-3056eabddafa | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| 2ccc602e-29d4-46b2-a501-19a17a6a9b8f | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 7021bdb8-e775-4c88-8976-06c1549f0440 | Linux bridge agent | compute1 | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
(4) Check the neutron network interfaces:
brctl show
bridge name bridge id STP enabled interfaces
brqc148981c-3a 8000.000c29e416df no eth0
tap8c4ff3d7-3e
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.253 0.0.0.0 UG 99 0 0 brqc148981c-3a
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 brqc148981c-3a
172.16.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
4. Create the virtual network (networking option 1: provider network):
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
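(1) Parameter description:
--share # allow all projects to use the virtual network;
--external # define the virtual network as external; to create an internal network, use --internal instead. The default is internal;
--provider-physical-network provider # the physical network interface that was created;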
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
--provider-network-type flat provider # the network type is flat, and the network is named provider;
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = provider
5. Create a subnet on the virtual network:
openstack subnet create --network provider \
--allocation-pool start=10.0.0.70,end=10.0.0.90 \
--dns-nameserver 114.114.114.114 --gateway 10.0.0.253 \
--subnet-range 10.0.0.0/24 provider-subnet
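(1) Parameter explanation:
--network provider # the virtual network is named provider;
--allocation-pool start=10.0.0.70,end=10.0.0.90 # address pool range of the subnet;
--dns-nameserver 114.114.114.114 # DNS server address of the subnet;
--gateway 10.0.0.253 # gateway address of the subnet;
--subnet-range 10.0.0.0/24 # network and mask of the subnet;
provider-subnet # the subnet is named provider-subnet;
(2) Verify the network: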
openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| c148981c-3a89-4d41-b570-3a04dc71c0b7 | provider | 22439e82-276b-4422-8162-b90805876921 |
+--------------------------------------+----------+--------------------------------------+
openstack subnet list
+--------------------------------------+-----------------+--------------------------------------+-------------+
| ID | Name | Network | Subnet |
+--------------------------------------+-----------------+--------------------------------------+-------------+
| 22439e82-276b-4422-8162-b90805876921 | provider-subnet | c148981c-3a89-4d41-b570-3a04dc71c0b7 | 10.0.0.0/24 |
+--------------------------------------+-----------------+--------------------------------------+-------------+
6. Create a flavor:
(1) Create:
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
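Note: by default, the smallest flavor consumes 512 MB of memory per instance. For environments whose compute nodes have less than 4 GB of memory, we recommend creating a flavor named m1.nano, which requires only 64 MB of memory per instance. Use this flavor only with the CirrOS image, for testing purposes;
(2) List the flavors (virtual machine resource profiles covering CPU, memory and storage):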
openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
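7. Generate a key pair:
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
(1) Source the demo project credentials: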
. /scripts/demo-openstack.sh
Note: the instance is created as the demo user;
(2) Generate a key pair and add the public key:
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
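# ssh-keygen creates the key pair under /root/.ssh/ (-N "" gives the private key an empty passphrase);
# openstack registers the public key 'id_rsa.pub' under the name mykey, and it is injected into the instance,
# so no password authentication is needed when logging in to the instance over SSH;
(3) Verify the key pair: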
openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 2d:41:60:94:a9:c8:40:61:df:9e:e9:72:05:35:d9:e7 |
+-------+-------------------------------------------------+
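8. Add security group rules:
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH);
(1) Source the demo project credentials: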
. /scripts/demo-openstack.sh
(2) Allow ICMP (ping):
openstack security group rule create --proto icmp default
(3) Allow secure shell (SSH) access:
openstack security group rule create --proto tcp --dst-port 22 default
(4) Verify the security group:
openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| fab535f0-12e9-4d00-b30f-64cf439a11f7 | default | 缺省安全组 | 7c669159485646e08448dedeb506fa2c | [] |
+--------------------------------------+---------+-------------+----------------------------------+------+
9. Launch an instance (networking option 1: provider network):
(1) Source the demo project credentials:
. /scripts/demo-openstack.sh
(2) List the available flavors:
openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
(3) List the available images:
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| a036ec33-6df8-45ec-adbe-4b0ac189dc8c | cirros | active |
+--------------------------------------+--------+--------+
(4) List the available networks:
openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| c148981c-3a89-4d41-b570-3a04dc71c0b7 | provider | 22439e82-276b-4422-8162-b90805876921 |
+--------------------------------------+----------+--------------------------------------+
(5) List the available security groups:
openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+-------------+----------------------------------+------+
| fab535f0-12e9-4d00-b30f-64cf439a11f7 | default | Default security group | 7c669159485646e08448dedeb506fa2c | [] |
+--------------------------------------+---------+-------------+----------------------------------+------+
(6) Launch:
openstack server create --flavor m1.nano --image cirros \
--nic net-id=c148981c-3a89-4d41-b570-3a04dc71c0b7 --security-group default \
--key-name mykey provider-instance
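1) Parameter description:
--flavor m1.nano # the flavor of the instance;
--image cirros # the name of the instance image;
--nic net-id=c148981c-3a89-4d41-b570-3a04dc71c0b7 # the ID of the virtual network created earlier;
--security-group default # use the default security group;
--key-name mykey # use the key pair named mykey;
provider-instance # the name of the instance being created;
(7) Check the instance status: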
openstack server list
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
| b431f17d-0a1a-491c-9020-05da958cddd0 | provider-instance | ACTIVE | provider=10.0.0.84 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+--------------------+--------+---------+
Additional note: to manage the instance, use openstack server reboot/start/stop/delete b431f17d-0a1a-491c-9020-05da958cddd0
(8) Get the virtual console URL for accessing the instance:
openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=61203d7b-ee63-4aba-8cc0-086631bc8b14 |
+-------+---------------------------------------------------------------------------------+
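# Note: the URL above changes each time the command is run;
10. Verification:
(1) Access the instance through the web interface:
(2) Verify on the compute node:
1) List the virtual machines: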
virsh list --all
Id 名称 状态
----------------------------------------------------
2 instance-00000004 running
2) Find the virtual machine's disk location:
virsh domblklist instance-00000004
目标 源
------------------------------------------------
vda /var/lib/nova/instances/b431f17d-0a1a-491c-9020-05da958cddd0/disk
3) Check the host network:
brctl show
bridge name bridge id STP enabled interfaces
brqc148981c-3a 8000.000c2944bb23 no eth0
tapcfd03699-61
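# Tip: the compute node does not create the bridge until a virtual machine has been created;
4) Ping the virtual machine:
(3) Verify on the controller node:
(4) Summary:
The verification above shows that the virtual machine is bridged onto the compute node's eth0 interface. Logically, the virtual machine, the controller node and the compute node can be regarded as being on the same network segment, connected to the same switch. The interface the virtual machine is bridged to on the compute node can also be changed, for example to eth1, as long as it can communicate with the controller node's dhcp-agent;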